CVE-2026-43891— changedetection.io: Arbitrary Local File Read via crafted backup restore
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| dgtlmoon | changedetection.io | < 0.55.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-43891
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
changedetection.io: Arbitrary Local File Read via crafted backup restore
Source: NVD (National Vulnerability Database)
Vulnerability Description
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
changedetection.io 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
changedetection.io是dgtlmoon个人开发者的一个网站变更检测、监控和通知应用程序。 changedetection.io 0.55.1之前版本存在安全漏洞,该漏洞源于信任攻击者控制的从备份文件恢复的快照路径,可能导致读取目标本地文件内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| dgtlmoon | changedetection.io | < 0.55.1 | - |
II. Public POCs for CVE-2026-43891
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-43891
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: changedetection.io
- CVE-2026-41895
changedetection.io: XXE vulnerability in the changedetection - CVE-2026-35490
changedetection.io has an Authentication Bypass via Decorato - CVE-2026-35000
ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrar - CVE-2026-33981
Changedetection.io Discloses Environment Variables via jq en - CVE-2026-29065
changedetection.io: Zip Slip vulnerability in the backup res
Same vendor: dgtlmoon
- CVE-2026-41895
changedetection.io: XXE vulnerability in the changedetection - CVE-2026-35490
changedetection.io has an Authentication Bypass via Decorato - CVE-2026-35000
ChangeDetection.io < 0.54.7 SafeXPath3Parser Bypass Arbitrar - CVE-2026-33981
Changedetection.io Discloses Environment Variables via jq en - CVE-2026-29065
changedetection.io: Zip Slip vulnerability in the backup res
Same weakness: CWE-73
- CVE-2026-45008
phpMyFAQ - Path Traversal in Client::deleteClientFolder via - CVE-2026-42597
Gotenberg: Chromium URL conversion routes read arbitrary fil - CVE-2026-40893
Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group - CVE-2026-3892
Motors – Car Dealer, Classifieds & Listing <= 1.4.107 - Auth - CVE-2026-0259
WildFire WF-500 and WF-500-B: Arbitrary File Read and Delete
V. Comments for CVE-2026-43891
No comments yet