changedetection.io: Arbitrary Local File Read via crafted backup restore

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.

Basic Information

ID CVE-2026-43891

Source GitHub_M

Published May 12, 2026 at 16:56

Affected Product

Vendor dgtlmoon

Product changedetection.io

Version < 0.55.1

Affected Versions dgtlmoon changedetection.io < 0.55.1

CWE Classification

CWE-73

References

github.com /dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56

{
    "lastseen": "",
    "description": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and  returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.",
    "published": "2026-05-12T16:56:33.823Z",
    "modified": "2026-05-12T16:56:33.823Z",
    "type": "cve",
    "title": "changedetection.io: Arbitrary Local File Read via crafted backup restore",
    "source": "GitHub_M",
    "references": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56",
    "id": "CVE-2026-43891",
    "bulletinFamily": "",
    "cwe": [
        "CWE-73"
    ],
    "cvelist": null,
    "sourceData": "dgtlmoon changedetection.io < 0.55.1",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "changedetection.io",
    "version": "< 0.55.1",
    "vendor": "dgtlmoon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

changedetection.io: Arbitrary Local File Read via crafted backup restore_CVE-2026-43891