CVE-2026-29065

changedetection.io <0.54.4 - Path Traversal

Title source: llm

Description

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.

References (3)

[Patch] https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fbce04f29bb1b3aa

View Patch ZIP pw:eip

[Release Notes] https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4

[Vendor Advisory] https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mcf-fcx9

Scores

EPSS 0.0006

EPSS Percentile 18.3%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

pypi/changedetection.io < 0.54.4PyPI

Timeline

Published Mar 06, 2026

Tracked Since Mar 06, 2026