CVE-2026-29039 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPa…
High CVSS: 8.8

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification. XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process. This issue has been patched in version 0.54.4.
Vendor
Webtechnologies
Product
Changedetection
CWE
CWE-94
Yayın Tarihi
2026-03-06 07:16:01
Güncelleme
2026-03-10 19:37:32
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-94 Changedetection HIGH Webtechnologies 2026

Referanslar

https://github.com/dgtlmoon/changedetection.io/commit/417d57e5749441e4be9acc4010369bded805d66f https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4 https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6fmw-82m7-jq6p