CVE-2026-43891 | THREATINT

Description

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.

PUBLISHED Reserved 2026-05-04 | Published 2026-05-12 | Updated 2026-05-13 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-73: External Control of File Name or Path

Product status

< 0.55.1

affected

References

github.com/...ket-id/security/advisories/GHSA-w6p7-2fxx-4f44 exploit

github.com/...ion.io/security/advisories/GHSA-8757-69j2-hx56

cve.org (CVE-2026-43891)

nvd.nist.gov (CVE-2026-43891)

Download JSON