Changedetection
CVE-2026-29065
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.
AnalysisAI
Zip Slip in changedetection.io before 0.54.4 via backup restore. PoC and patch available.
Technical ContextAI
CWE-22.
RemediationAI
Update.
More in Changedetection
View allchangedetection.io is a free open source web page change detection tool. [CVSS 8.6 HIGH]
Arbitrary file read in changedetection.io prior to 0.54.4 allows unauthenticated remote attackers to access sensitive fi
Reflected XSS in changedetection.io versions prior to 0.54.4 allows unauthenticated remote attackers to inject malicious
changedetection.io versions before 0.54.1 are vulnerable to reflected cross-site scripting (XSS) via the RSS endpoint, w
Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the m
Changedetection.io versions before 0.53.2 allow unauthenticated attackers to read arbitrary files from the application d
changedetection.io is an open source tool designed to monitor websites for content changes. Rated low severity (CVSS 3.7
changedetection.io is a free open source web page change detection tool. Rated low severity (CVSS 3.5), this vulnerabili
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-25g8-2mcf-fcx9