Skip to main content

Changedetection Io

1 CVEs product

Monthly

CVE-2026-35000 PyPI HIGH PATCH This Week

Arbitrary local file disclosure in ChangeDetection.io versions before 0.54.7 allows authenticated attackers to read sensitive files from the server filesystem by exploiting incomplete XPath function blocklist. The vulnerability stems from unblocked XPath 3.0/3.1 functions like json-doc() that bypass SafeXPath3Parser protections. EPSS score of 0.05% indicates low likelihood of widespread exploitation. No public exploit identified at time of analysis, though the flaw was reported by VulnCheck with vendor patch released in version 0.54.7.

Information Disclosure Changedetection Io
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary local file disclosure in ChangeDetection.io versions before 0.54.7 allows authenticated attackers to read sensitive files from the server filesystem by exploiting incomplete XPath function blocklist. The vulnerability stems from unblocked XPath 3.0/3.1 functions like json-doc() that bypass SafeXPath3Parser protections. EPSS score of 0.05% indicates low likelihood of widespread exploitation. No public exploit identified at time of analysis, though the flaw was reported by VulnCheck with vendor patch released in version 0.54.7.

Information Disclosure Changedetection Io
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy