RCE in Dgtlmoon Changedetection.io

CVE-2026-29039

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath ex…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Dgtlmoon Changedetection.io — versions < 0.54.4

Weakness classification (CWE)

CWE-94 — Code Injection

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6fmw-82m7-jq6p (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/commit/417d57e5749441e4be9acc4010369bded805d66f (x_refsource_MISC)
https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4 (x_refsource_MISC)