Medium severity5.5NVD Advisory· Published May 15, 2024· Updated Apr 15, 2026

CVE-2024-35184

Description

Paperless-ngx is a document management system that transforms physical documents into a searchable online archive. Starting in version 2.5.0 and prior to version 2.8.6, remote user authentication allows API access even if API access is explicitly disabled. Version 2.8.6 contains a patchc for the issue.

Patches

317a9114ebdb

https://github.com/paperless-ngx/paperless-ngxvia osv

ed05b40ba461

https://github.com/paperless-ngx/paperless-ngxvia osv

commit PR #6739

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/paperless-ngx/paperless-ngx/commit/ed05b40ba461641b1b59b0a92f51f3f6a66ce180nvd
github.com/paperless-ngx/paperless-ngx/pull/6739nvd
github.com/paperless-ngx/paperless-ngx/releases/tag/v2.8.6nvd
github.com/paperless-ngx/paperless-ngx/security/advisories/GHSA-72w4-hxqq-c256nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000