CVE-2026-43891 (GCVE-0-2026-43891)
Vulnerability from cvelistv5 – Published: 2026-05-12 16:56 – Updated: 2026-05-13 14:36
VLAI?
Title
changedetection.io: Arbitrary Local File Read via crafted backup restore
Summary
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
Severity ?
7.5 (High)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/dgtlmoon/changedetection.io/se… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| dgtlmoon | changedetection.io |
Affected:
< 0.55.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-43891",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-13T14:36:12.119506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T14:36:51.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "changedetection.io",
"vendor": "dgtlmoon",
"versions": [
{
"status": "affected",
"version": "\u003c 0.55.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T16:56:33.823Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56"
}
],
"source": {
"advisory": "GHSA-8757-69j2-hx56",
"discovery": "UNKNOWN"
},
"title": "changedetection.io: Arbitrary Local File Read via crafted backup restore"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-43891",
"datePublished": "2026-05-12T16:56:33.823Z",
"dateReserved": "2026-05-04T15:17:09.330Z",
"dateUpdated": "2026-05-13T14:36:51.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43891",
"date": "2026-05-21",
"epss": "0.00037",
"percentile": "0.11059"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43891\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-12T18:17:28.493\",\"lastModified\":\"2026-05-15T14:20:12.590\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-73\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:webtechnologies:changedetection:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.55.1\",\"matchCriteriaId\":\"9ABB97F7-527C-49E5-9977-06AE0C451652\"}]}]}],\"references\":[{\"url\":\"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\",\"Not Applicable\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-43891\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T14:36:12.119506Z\"}}}], \"references\": [{\"url\": \"https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T14:36:38.993Z\"}}], \"cna\": {\"title\": \"changedetection.io: Arbitrary Local File Read via crafted backup restore\", \"source\": {\"advisory\": \"GHSA-8757-69j2-hx56\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"dgtlmoon\", \"product\": \"changedetection.io\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.55.1\"}]}], \"references\": [{\"url\": \"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56\", \"name\": \"https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73: External Control of File Name or Path\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-12T16:56:33.823Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-43891\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T14:36:51.163Z\", \"dateReserved\": \"2026-05-04T15:17:09.330Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-12T16:56:33.823Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-43891
Vulnerability from fkie_nvd - Published: 2026-05-12 18:17 - Updated: 2026-05-15 14:20
Severity ?
Summary
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56 | Exploit, Mitigation, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44 | Exploit, Mitigation, Vendor Advisory, Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| webtechnologies | changedetection | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webtechnologies:changedetection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ABB97F7-527C-49E5-9977-06AE0C451652",
"versionEndExcluding": "0.55.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1."
}
],
"id": "CVE-2026-43891",
"lastModified": "2026-05-15T14:20:12.590",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-12T18:17:28.493",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory",
"Not Applicable"
],
"url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-8757-69J2-HX56
Vulnerability from github – Published: 2026-05-05 21:16 – Updated: 2026-05-14 20:31
VLAI?
Summary
changedetection.io has an Arbitrary Local File Read via a crafted backup restore
Details
Details
The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files.
The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt.
Relevant code: - changedetectionio/blueprint/backups/restore.py - changedetectionio/blueprint/backups/restore.py
After restore, the application parses history.txt in the watch history property. This is the core trust-boundary issue.
Relevant code: - changedetectionio/model/Watch.py - changedetectionio/model/Watch.py - changedetectionio/model/Watch.py
The relevant logic is effectively:
if os.sep not in v and '/' not in v and '\\' not in v:
v = os.path.join(self.data_dir, v)
else:
snapshot_fname = os.path.basename(v)
proposed_new_path = os.path.join(self.data_dir, snapshot_fname)
if not os.path.exists(v) and os.path.exists(proposed_new_path):
v = proposed_new_path
This has the following security consequence:
- If the
history.txtvalue is only a filename, it is resolved safely underself.data_dir. - If the value contains path separators, it is treated as a path reference rather than a watch-local snapshot name.
- If that external path already exists, it is preserved unchanged.
As a result, a malicious restored history.txt entry such as:
1776969105,/etc/passwd
will be accepted if the referenced file exists and is readable by the application process.
The second vulnerable step is in get_history_snapshot(). Once the untrusted path has been accepted into the watch history, the application reads the resolved path directly without enforcing that it remains inside the watch directory.
Relevant code: - changedetectionio/model/Watch.py
That function eventually performs direct file reads such as:
with open(filepath, 'r', encoding='utf-8', errors='ignore') as f:
return f.read()
The third step is reachability. The trusted history entry is consumed by both the Preview UI and the watch history API.
Relevant code: - changedetectionio/blueprint/ui/preview.py - changedetectionio/api/Watch.py
In the Preview flow, the application selects the latest history timestamp and calls:
content = watch.get_history_snapshot(timestamp=timestamp)
In the API flow, the application also calls:
content = watch.get_history_snapshot(timestamp=timestamp)
This creates the following end-to-end exploit chain:
- An attacker supplies a crafted backup ZIP.
- The restore process preserves attacker-controlled
history.txt. - The
history.txtparser accepts an absolute or out-of-directory path if that path exists. - Preview or the history API dereferences the stored path directly.
- The application returns the contents of the targeted local file.
The root cause is that imported history entries are treated as trusted filesystem paths instead of being restricted to safe basenames under watch.data_dir.
PoC
The following proof of concept demonstrates the end-to-end exploit chain. It assumes the attacker has gained access to the backup restore functionality to upload the crafted archive.
- Create a normal watch in the UI, for example:
https://example.com
- Trigger at least one successful check so the watch generates a valid history entry and can later be included in a backup.
- Go to the
Backupssection and create a backup archive.
- Extract the backup archive and identify the watch UUID directory that contains the target watch's
watch.json. For example:
5db3d3d8-71e6-4db2-a81e-e1f0445c3e47
-
Open that watch directory and edit
history.txt. -
Replace the latest history entry with a path to an existing local file that is readable by the application process. For example:
1776969188,/etc/passwd
If the timestamp differs in the extracted backup, keep the original latest timestamp and only replace the filename/path portion.
Example:
1776969188,742215043ff9be7e635f05e680ff9b11.txt
becomes:
1776969188,/etc/passwd
- Repack the backup so that the UUID directories are located at the root of the ZIP archive.
Important: - Do not add an extra parent directory layer when repacking. - The archive root should contain directories such as:
<watch-uuid>/
<group-uuid>/
changedetection.json
url-list.txt
- In the UI, restore the modified backup and enable replacement of existing watches with the same UUID.
-
After restore completes, open
Previewfor the restored watch. -
The application will read the attacker-controlled path from
history.txtand display the contents of the referenced local file instead of the original watch snapshot.
Observed result: - The Preview page returns the content of the attacker-selected local file.
Expected result:
- The application should reject absolute paths or out-of-directory paths restored from history.txt.
- Snapshot history should be restricted to files within the watch's own data directory.
Optional API verification:
- The same issue can also be confirmed through the watch history API by requesting the modified timestamp after restore.
- The API returns the same file content because it also calls watch.get_history_snapshot(timestamp=timestamp) on the trusted history entry.
Impact
This is an arbitrary local file disclosure vulnerability reachable through malicious backup restore content.
Who is impacted: - Deployments where the application process has read access to sensitive local system files. - Docker or host-mounted environments where secrets, config files, or operational artifacts are explicitly readable by the service.
What can be exposed:
- Arbitrary System Files: Core operating system files (e.g., /etc/passwd, /proc/self/environ), system-level configurations, and host metrics.
- Application Data: Internal records and files residing under the /datastore directory.
- Secrets & Artifacts: Application-local configuration files, API tokens, database credentials, and other sensitive artifacts accessible to the application process.
By accessing the backup restore functionality and importing a crafted archive, an attacker can exploit the application's fail-open path validation. The confidentiality impact is exceptionally high because, once the payload is ingested, the application can be manipulated to disclose arbitrary local system files and highly sensitive environment variables directly through standard UI or API responses.
Recommendation
The application should treat all paths restored from history.txt as untrusted input.
The root cause is in changedetectionio/model/Watch.py, where values containing path separators are currently accepted as filesystem paths and preserved if the referenced file already exists.
The fix should be:
- Never trust absolute or external paths from
history.txt. - Normalize every history entry to
os.path.basename(v). - Join the normalized filename to
self.data_dir. - Skip the entry if the resolved file does not exist inside the watch directory.
Suggested code change:
snapshot_fname = os.path.basename(v.strip())
resolved_path = os.path.join(self.data_dir, snapshot_fname)
if not os.path.exists(resolved_path):
logger.warning(
f"Skipping unsafe or missing history entry for {self.get('uuid')}: {v!r}"
)
continue
tmp_history[k] = resolved_path
This ensures restored history entries can only reference files inside the watch's own data directory and prevents arbitrary local file reads through Preview or the history API.
Severity ?
7.5 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.54.10"
},
"package": {
"ecosystem": "PyPI",
"name": "changedetection.io"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.55.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-43891"
],
"database_specific": {
"cwe_ids": [
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T21:16:21Z",
"nvd_published_at": "2026-05-12T18:17:28Z",
"severity": "HIGH"
},
"details": "### Details\nThe vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files.\n\nThe vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using `shutil.copytree(entry.path, dst_dir)`. This preserves attacker-controlled files inside the restored watch directory, including `history.txt`.\n\nRelevant code:\n- [changedetectionio/blueprint/backups/restore.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/blueprint/backups/restore.py#L132)\n- [changedetectionio/blueprint/backups/restore.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/blueprint/backups/restore.py#L141)\n\nAfter restore, the application parses `history.txt` in the watch `history` property. This is the core trust-boundary issue.\n\nRelevant code:\n- [changedetectionio/model/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L460)\n- [changedetectionio/model/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L471)\n- [changedetectionio/model/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L478)\n\nThe relevant logic is effectively:\n\n```python\nif os.sep not in v and \u0027/\u0027 not in v and \u0027\\\\\u0027 not in v:\n v = os.path.join(self.data_dir, v)\nelse:\n snapshot_fname = os.path.basename(v)\n proposed_new_path = os.path.join(self.data_dir, snapshot_fname)\n if not os.path.exists(v) and os.path.exists(proposed_new_path):\n v = proposed_new_path\n```\n\nThis has the following security consequence:\n\n- If the `history.txt` value is only a filename, it is resolved safely under `self.data_dir`.\n- If the value contains path separators, it is treated as a path reference rather than a watch-local snapshot name.\n- If that external path already exists, it is preserved unchanged.\n\nAs a result, a malicious restored `history.txt` entry such as:\n\n`1776969105,/etc/passwd`\n\nwill be accepted if the referenced file exists and is readable by the application process.\n\nThe second vulnerable step is in `get_history_snapshot()`. Once the untrusted path has been accepted into the watch history, the application reads the resolved path directly without enforcing that it remains inside the watch directory.\n\nRelevant code:\n- [changedetectionio/model/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L554)\n\nThat function eventually performs direct file reads such as:\n\n```python\nwith open(filepath, \u0027r\u0027, encoding=\u0027utf-8\u0027, errors=\u0027ignore\u0027) as f:\n return f.read()\n```\n\nThe third step is reachability. The trusted history entry is consumed by both the Preview UI and the watch history API.\n\nRelevant code:\n- [changedetectionio/blueprint/ui/preview.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/blueprint/ui/preview.py#L77)\n- [changedetectionio/api/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/api/Watch.py#L263)\n\nIn the Preview flow, the application selects the latest history timestamp and calls:\n\n```python\ncontent = watch.get_history_snapshot(timestamp=timestamp)\n```\n\nIn the API flow, the application also calls:\n\n```python\ncontent = watch.get_history_snapshot(timestamp=timestamp)\n```\n\nThis creates the following end-to-end exploit chain:\n\n1. An attacker supplies a crafted backup ZIP.\n2. The restore process preserves attacker-controlled `history.txt`.\n3. The `history.txt` parser accepts an absolute or out-of-directory path if that path exists.\n4. Preview or the history API dereferences the stored path directly.\n5. The application returns the contents of the targeted local file.\n\nThe root cause is that imported history entries are treated as trusted filesystem paths instead of being restricted to safe basenames under `watch.data_dir`.\n\n\n### PoC\nThe following proof of concept demonstrates the end-to-end exploit chain. It assumes the attacker has gained access to the backup restore functionality to upload the crafted archive.\n\n1. Create a normal watch in the UI, for example:\n```text\nhttps://example.com\n```\n\n2. Trigger at least one successful check so the watch generates a valid history entry and can later be included in a backup.\n\n\u003cimg width=\"1230\" height=\"587\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a76302c9-48d6-4aa3-9bfc-0ba2fdb31156\" /\u003e\n\n3. Go to the `Backups` section and create a backup archive.\n\n\u003cimg width=\"1232\" height=\"390\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8fef0444-d8f0-4db6-be75-04fa7db2fec8\" /\u003e\n\n4. Extract the backup archive and identify the watch UUID directory that contains the target watch\u0027s `watch.json`. For example:\n```text\n5db3d3d8-71e6-4db2-a81e-e1f0445c3e47\n```\n\n5. Open that watch directory and edit `history.txt`.\n\n6. Replace the latest history entry with a path to an existing local file that is readable by the application process. For example:\n```text\n1776969188,/etc/passwd\n```\n\nIf the timestamp differs in the extracted backup, keep the original latest timestamp and only replace the filename/path portion.\n\nExample:\n```text\n1776969188,742215043ff9be7e635f05e680ff9b11.txt\n```\n\nbecomes:\n\n```text\n1776969188,/etc/passwd\n```\n\n\u003cimg width=\"1139\" height=\"366\" alt=\"image\" src=\"https://github.com/user-attachments/assets/07277b36-4747-4181-82d1-523385b40de3\" /\u003e\n\n7. Repack the backup so that the UUID directories are located at the root of the ZIP archive.\n\nImportant:\n- Do not add an extra parent directory layer when repacking.\n- The archive root should contain directories such as:\n```text\n\u003cwatch-uuid\u003e/\n\u003cgroup-uuid\u003e/\nchangedetection.json\nurl-list.txt\n```\n\n\u003cimg width=\"986\" height=\"353\" alt=\"image\" src=\"https://github.com/user-attachments/assets/21b30368-2cb5-4b88-9055-79d5bf06ad48\" /\u003e\n\n8. In the UI, restore the modified backup and enable replacement of existing watches with the same UUID.\n\n\u003cimg width=\"1229\" height=\"700\" alt=\"image\" src=\"https://github.com/user-attachments/assets/79abd9d2-8b2d-4e08-abf3-3b63238a8055\" /\u003e\n\n9. After restore completes, open `Preview` for the restored watch.\n\n10. The application will read the attacker-controlled path from `history.txt` and display the contents of the referenced local file instead of the original watch snapshot.\n\nObserved result:\n- The Preview page returns the content of the attacker-selected local file.\n\nExpected result:\n- The application should reject absolute paths or out-of-directory paths restored from `history.txt`.\n- Snapshot history should be restricted to files within the watch\u0027s own data directory.\n\nOptional API verification:\n- The same issue can also be confirmed through the watch history API by requesting the modified timestamp after restore.\n- The API returns the same file content because it also calls `watch.get_history_snapshot(timestamp=timestamp)` on the trusted history entry.\n\n\u003cimg width=\"1233\" height=\"545\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a2814a5a-2cdd-49a1-916b-c956dd5fda1f\" /\u003e\n\n### Impact\nThis is an arbitrary local file disclosure vulnerability reachable through malicious backup restore content.\n\nWho is impacted:\n- Deployments where the application process has read access to sensitive local system files.\n- Docker or host-mounted environments where secrets, config files, or operational artifacts are explicitly readable by the service.\n\nWhat can be exposed:\n- **Arbitrary System Files:** Core operating system files (e.g., `/etc/passwd`, `/proc/self/environ`), system-level configurations, and host metrics.\n- **Application Data:** Internal records and files residing under the /datastore directory.\n- **Secrets \u0026 Artifacts:** Application-local configuration files, API tokens, database credentials, and other sensitive artifacts accessible to the application process.\n\nBy accessing the backup restore functionality and importing a crafted archive, an attacker can exploit the application\u0027s fail-open path validation. The confidentiality impact is exceptionally high because, once the payload is ingested, the application can be manipulated to disclose arbitrary local system files and highly sensitive environment variables directly through standard UI or API responses.\n\n### Recommendation\nThe application should treat all paths restored from `history.txt` as untrusted input.\n\nThe root cause is in [changedetectionio/model/Watch.py](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L460), where values containing path separators are currently accepted as filesystem paths and preserved if the referenced file already exists.\n\nThe fix should be:\n\n1. Never trust absolute or external paths from `history.txt`.\n2. Normalize every history entry to `os.path.basename(v)`.\n3. Join the normalized filename to `self.data_dir`.\n4. Skip the entry if the resolved file does not exist inside the watch directory.\n\nSuggested code change:\n\n```python\nsnapshot_fname = os.path.basename(v.strip())\nresolved_path = os.path.join(self.data_dir, snapshot_fname)\n\nif not os.path.exists(resolved_path):\n logger.warning(\n f\"Skipping unsafe or missing history entry for {self.get(\u0027uuid\u0027)}: {v!r}\"\n )\n continue\n\ntmp_history[k] = resolved_path\n```\n\nThis ensures restored history entries can only reference files inside the watch\u0027s own data directory and prevents arbitrary local file reads through Preview or the history API.",
"id": "GHSA-8757-69j2-hx56",
"modified": "2026-05-14T20:31:14Z",
"published": "2026-05-05T21:16:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56"
},
{
"type": "WEB",
"url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43891"
},
{
"type": "PACKAGE",
"url": "https://github.com/dgtlmoon/changedetection.io"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "changedetection.io has an Arbitrary Local File Read via a crafted backup restore"
}
PYSEC-2026-30
Vulnerability from pysec - Published: 2026-05-12 18:17 - Updated: 2026-05-20 09:18
VLAI?
Details
changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.
Severity ?
7.5 (High)
Impacted products
| Name | purl | changedetection-io | pkg:pypi/changedetection-io |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "changedetection-io",
"purl": "pkg:pypi/changedetection-io"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.55.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.38.2",
"0.39",
"0.39.1",
"0.39.10",
"0.39.10.post1",
"0.39.10.post2",
"0.39.11",
"0.39.12",
"0.39.13",
"0.39.13.1",
"0.39.14",
"0.39.14.1",
"0.39.15",
"0.39.16",
"0.39.17",
"0.39.17.1",
"0.39.17.2",
"0.39.18",
"0.39.19",
"0.39.19.1",
"0.39.2",
"0.39.20",
"0.39.20.1",
"0.39.20.2",
"0.39.20.3",
"0.39.20.4",
"0.39.21",
"0.39.21.1",
"0.39.22",
"0.39.22.1",
"0.39.3",
"0.39.4",
"0.39.5",
"0.39.6",
"0.39.7",
"0.39.8",
"0.39.9",
"0.40.0",
"0.40.0.1",
"0.40.0.2",
"0.40.0.3",
"0.40.0.4",
"0.40.1.0",
"0.40.1.1",
"0.40.2",
"0.40.3",
"0.41",
"0.41.1",
"0.42",
"0.42.1",
"0.42.2",
"0.42.3",
"0.43.1",
"0.43.2",
"0.44",
"0.44.1",
"0.45",
"0.45.1",
"0.45.11",
"0.45.12",
"0.45.13",
"0.45.14",
"0.45.15",
"0.45.16",
"0.45.17",
"0.45.18",
"0.45.19",
"0.45.2",
"0.45.20",
"0.45.21",
"0.45.22",
"0.45.23",
"0.45.24",
"0.45.25",
"0.45.26",
"0.45.3",
"0.45.4",
"0.45.5",
"0.45.6",
"0.45.7",
"0.45.7.1",
"0.45.7.2",
"0.45.7.3",
"0.45.8",
"0.45.8.1",
"0.45.9",
"0.46.0",
"0.46.1",
"0.46.2",
"0.46.3",
"0.46.4",
"0.47.0",
"0.47.1",
"0.47.2",
"0.47.3",
"0.47.4",
"0.47.5",
"0.47.6",
"0.48.0",
"0.48.1",
"0.48.2",
"0.48.3",
"0.48.4",
"0.48.5",
"0.48.6",
"0.49.0",
"0.49.1",
"0.49.10",
"0.49.12",
"0.49.13",
"0.49.14",
"0.49.15",
"0.49.16",
"0.49.17",
"0.49.18",
"0.49.2",
"0.49.3",
"0.49.4",
"0.49.5",
"0.49.6",
"0.49.7",
"0.49.8",
"0.49.9",
"0.50.1",
"0.50.10",
"0.50.11",
"0.50.12",
"0.50.13",
"0.50.14",
"0.50.15",
"0.50.16",
"0.50.17",
"0.50.18",
"0.50.19",
"0.50.2",
"0.50.20",
"0.50.21",
"0.50.22",
"0.50.23",
"0.50.24",
"0.50.25",
"0.50.26",
"0.50.27",
"0.50.28",
"0.50.29",
"0.50.3",
"0.50.30",
"0.50.31",
"0.50.32",
"0.50.33",
"0.50.34",
"0.50.35",
"0.50.37",
"0.50.38",
"0.50.39",
"0.50.4",
"0.50.40",
"0.50.41",
"0.50.42",
"0.50.43",
"0.50.5",
"0.50.6",
"0.50.7",
"0.50.8",
"0.50.9",
"0.51.0",
"0.51.1",
"0.51.2",
"0.51.3",
"0.51.4",
"0.52.1",
"0.52.2",
"0.52.3",
"0.52.4",
"0.52.5",
"0.52.6",
"0.52.7",
"0.52.8",
"0.52.9",
"0.53.1",
"0.53.2",
"0.53.3",
"0.53.4",
"0.53.5",
"0.53.6",
"0.53.7",
"0.54.1",
"0.54.10",
"0.54.2",
"0.54.3",
"0.54.4",
"0.54.5",
"0.54.6",
"0.54.7",
"0.54.8",
"0.54.9"
]
}
],
"aliases": [
"CVE-2026-43891"
],
"details": "changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application extracts the archive and copies each restored watch UUID directory directly into the live datastore using shutil.copytree(entry.path, dst_dir). This preserves attacker-controlled files inside the restored watch directory, including history.txt. After restore, the application parses history.txt in the watch history property and returns the contents of the targeted local file. This vulnerability is fixed in 0.55.1.",
"id": "PYSEC-2026-30",
"modified": "2026-05-20T09:18:54.474633Z",
"published": "2026-05-12T18:17:28.493Z",
"references": [
{
"type": "EVIDENCE",
"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-8757-69j2-hx56"
},
{
"type": "EVIDENCE",
"url": "https://github.com/pocket-id/pocket-id/security/advisories/GHSA-w6p7-2fxx-4f44"
}
],
"related": [
"GHSA-8757-69j2-hx56",
"GHSA-w6p7-2fxx-4f44"
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…