What is CVE-2026-35000?

ChangeDetection.io versions prior to 0.54.7 have a high-severity protection bypass vulnerability. This vulnerability allows attackers to read arbitrary local files, posing a significant risk to sensitive data. Organizations should prioritize patching immediately.

What is the severity of CVE-2026-35000?

CVE-2026-35000 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2026-35000 | High Vulnerability in webtechnologies ChangeDetection.io

ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit the incomplete blocklist of dangerous XPath functions to access sensitive data from the local filesystem. With a CVSS score of 7.1, this vulnerability is classified as high severity.

Risk to organizations includes unauthorized access to sensitive data stored on local files. The low attack complexity and the need for only low privileges increase the likelihood of successful exploitation. As this vulnerability allows network access without user interaction, it becomes even more critical to address promptly. Organizations should prioritize patching immediately.

This vulnerability has been analyzed and disclosed, with the latest publication date being April 1, 2026. The urgency for defenders is underscored by the potential for sensitive data exposure, which may have severe implications for affected organizations.

No public exploit has been confirmed, but the existence of the vulnerability poses a significant risk that warrants immediate attention.

Vulnerability Details

The vulnerability allows attackers to bypass protections in the SafeXPath3Parser, effectively enabling them to access local files through unblocked XPath functions. This represents a serious security flaw that could lead to unauthorized data access.

The CVSS version 4.0 score of 7.1 indicates a high severity level, making it imperative for organizations using affected versions to act swiftly. The vulnerability impacts the ChangeDetection product from webtechnologies, specifically versions prior to 0.54.7.

Technical Analysis

The root cause of this vulnerability lies in the inadequate blocking of certain dangerous XPath functions, which allows access to sensitive local files. The attack vector is network-based, and the complexity is low, requiring only low privileges with no user interaction needed.

The vulnerability primarily impacts confidentiality, with a high impact score indicating that sensitive data could be exposed. However, it does not affect integrity or availability.

Risk & Impact Analysis

Organizations that deploy ChangeDetection.io versions prior to 0.54.7 face real-world risks, including potential data breaches and unauthorized data access. Given the nature of the vulnerability, attackers may exploit this to gain sensitive information, leading to severe repercussions for affected entities.

The urgency is classified as high based on the CVSS score. Organizations should address this vulnerability in their priority patch cycle to mitigate risks associated with unauthorized access.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of ChangeDetection.io prior to 0.54.7. Organizations should ensure they update to this version or later to mitigate the risk.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to ChangeDetection.io version 0.54.7 or later. If immediate upgrading is not possible, consider implementing configuration hardening by restricting access to sensitive files and monitoring for unauthorized access attempts.

Organizations may also benefit from conducting a thorough security assessment to identify potential vulnerabilities and strengthen their defenses. For further assistance, organizations can refer to the application security assessment services.

Detection Guidance

Organizations should monitor logs for unusual access patterns or attempts to access local files via XPath functions. Behavioral anomalies and unauthorized access attempts should be flagged for further investigation.

AppSecure Threat Intelligence Insight

The high severity of this vulnerability highlights the importance of maintaining strict access controls and regular updates for web technologies. Organizations should learn from incidents involving similar vulnerabilities to enhance their security posture.

Security teams are encouraged to review their vulnerability management programs and consider integrating continuous security testing into their workflows to proactively address potential threats.

Furthermore, adopting a comprehensive approach to penetration testing can help identify and mitigate similar vulnerabilities before they are exploited.

Engaging with red teaming services may also provide valuable insights into potential attack vectors and enhance overall security.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-35000: High Vulnerability in webtechnologies ChangeDetection.io