CVE-2026-35000
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
A vulnerability in ChangeDetection.io before version 0.54.7 allows bypassing protections in the SafeXPath3Parser. Attackers can read arbitrary local files using unblocked XPath 3.0/3.1 functions like json-doc().
Risk Assessment
The risk involves potential theft of sensitive data from the server's filesystem, such as configuration files, passwords, or API keys.
Recommendation
Immediately upgrade ChangeDetection.io to version 0.54.7 or later, which includes a complete blocklist of dangerous XPath functions.
Original NVD description (English source)
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit the incomplete blocklist of dangerous XPath functions to access sensitive data from the local filesystem.

