CVE-2026-25527 | dgtlmoon changedetection.io up to 0.53.1 /static// send_from_directory path traversal

A vulnerability described as critical has been identified in dgtlmoon changedetection.io up to 0.53.1. This affects the function send_from_directory of the file /static//. Such manipulation leads to path traversal.

This vulnerability is traded as CVE-2026-25527. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More