HIGH
dgtlmoon
CVE published 2026-04-01
CVE-2026-35000
ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation. This vulnerability allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. The vulnerability exists due to an incomplete blocklist of dangerous XPath functions, enabling attackers to access sen [truncated]