Back to CVE List

CVE-2026-35000

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit the incomplete blocklist of dangerous XPath functions to access sensitive data from the local filesystem.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-184
Source
NVD
Vendor
dgtlmoon
Product
ChangeDetection.io

External References

Discussion (0)

Add Comment

No comments yet. Be the first!