What is CVE-2026-27645?

CVE-2026-27645 is a medium-severity vulnerability in Dgtlmoon Changedetection.io, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-02-25.

How severe is CVE-2026-27645?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Dgtlmoon Changedetection.io

CVE-2026-27645

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask retu…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Dgtlmoon Changedetection.io — versions < 0.54.1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-mw8m-398g-h89w (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/commit/a385c89abf44b52fcfa20c7c6a6dd3047c4c1eb5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-27645?: CVE-2026-27645 is a medium-severity vulnerability in Dgtlmoon Changedetection.io, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-02-25.
How severe is CVE-2026-27645?: Medium severity. CVSS v3 base score is 6.1 out of 10.