PYSEC-2026-28
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/changedetection-io/PYSEC-2026-28.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2026-28
- Aliases
-
- CVE-2026-35490
- GHSA-jmrh-xmgh-x9j4
- Published
- 2026-04-07T16:16:27.317Z
- Modified
- 2026-05-20T09:18:54.357492Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @loginoptionallyrequired decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8.
- References
Affected packages
PyPI / changedetection-io
Package
- Name
- changedetection-io
- View open source insights on deps.dev
- Purl
- pkg:pypi/changedetection-io
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.54.8
Affected versions
0.*
0.38.2
0.39
0.39.1
0.39.2
0.39.3
0.39.4
0.39.5
0.39.6
0.39.7
0.39.8
0.39.9
0.39.10
0.39.10.post1
0.39.10.post2
0.39.11
0.39.12
0.39.13
0.39.13.1
0.39.14
0.39.14.1
0.39.15
0.39.16
0.39.17
0.39.17.1
0.39.17.2
0.39.18
0.39.19
0.39.19.1
0.39.20
0.39.20.1
0.39.20.2
0.39.20.3
0.39.20.4
0.39.21
0.39.21.1
0.39.22
0.39.22.1
0.40.0
0.40.0.1
0.40.0.2
0.40.0.3
0.40.0.4
0.40.1.0
0.40.1.1
0.40.2
0.40.3
0.41
0.41.1
0.42
0.42.1
0.42.2
0.42.3
0.43.1
0.43.2
0.44
0.44.1
0.45
0.45.1
0.45.2
0.45.3
0.45.4
0.45.5
0.45.6
0.45.7
0.45.7.1
0.45.7.2
0.45.7.3
0.45.8
0.45.8.1
0.45.9
0.45.11
0.45.12
0.45.13
0.45.14
0.45.15
0.45.16
0.45.17
0.45.18
0.45.19
0.45.20
0.45.21
0.45.22
0.45.23
0.45.24
0.45.25
0.45.26
0.46.0
0.46.1
0.46.2
0.46.3
0.46.4
0.47.0
0.47.1
0.47.2
0.47.3
0.47.4
0.47.5
0.47.6
0.48.0
0.48.1
0.48.2
0.48.3
0.48.4
0.48.5
0.48.6
0.49.0
0.49.1
0.49.2
0.49.3
0.49.4
0.49.5
0.49.6
0.49.7
0.49.8
0.49.9
0.49.10
0.49.12
0.49.13
0.49.14
0.49.15
0.49.16
0.49.17
0.49.18
0.50.1
0.50.2
0.50.3
0.50.4
0.50.5
0.50.6
0.50.7
0.50.8
0.50.9
0.50.10
0.50.11
0.50.12
0.50.13
0.50.14
0.50.15
0.50.16
0.50.17
0.50.18
0.50.19
0.50.20
0.50.21
0.50.22
0.50.23
0.50.24
0.50.25
0.50.26
0.50.27
0.50.28
0.50.29
0.50.30
0.50.31
0.50.32
0.50.33
0.50.34
0.50.35
0.50.37
0.50.38
0.50.39
0.50.40
0.50.41
0.50.42
0.50.43
0.51.0
0.51.1
0.51.2
0.51.3
0.51.4
0.52.1
0.52.2
0.52.3
0.52.4
0.52.5
0.52.6
0.52.7
0.52.8
0.52.9
0.53.1
0.53.2
0.53.3
0.53.4
0.53.5
0.53.6
0.53.7
0.54.1
0.54.2
0.54.3
0.54.4
0.54.5
0.54.6
0.54.7