Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
changedetection.io Web Page Change Detection Tool Allows Malicious File Overwrite
CVE-2026-29065
GHSA-25g8-2mcf-fcx9
GHSA-25g8-2mcf-fcx9
Summary
The changedetection.io tool is not secure against malicious files uploaded to it. This means that if someone uploads a specially crafted file, they can overwrite any file on the server. Update to version 0.54.4 or later to fix this issue.
What to do
- Update changedetection.io to version 0.54.4.
- Update dgtlmoon changedetection-io to version 0.54.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | changedetection.io | <= 0.54.3 | 0.54.4 |
| dgtlmoon | changedetection-io | <= 0.54.4 | 0.54.4 |
| webtechnologies | changedetection | <= 0.54.4 | – |
Original title
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via pa...
Original description
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.
nvd CVSS4.0
8.8
Vulnerability type
CWE-22
Path Traversal
- https://github.com/advisories/GHSA-25g8-2mcf-fcx9
- https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fb...
- https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mc...
- https://nvd.nist.gov/vuln/detail/CVE-2026-29065
- https://github.com/dgtlmoon/changedetection.io Product
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026