A vulnerability, which was classified as problematic , has been found in dgtlmoon changedetection.io up to 0.54.9 . Affected by this issue is the function xpath_filter . The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2026-41895 . The attack is possible to be carried out remotely. No exploit exists.