Path Traversal in Dgtlmoon Changedetection.io

CVE-2026-29065

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Thi…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.000 (9.2th percentile) — read the EPSS interpretation.

Affected products

Dgtlmoon Changedetection.io — versions < 0.54.4

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mcf-fcx9 (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fbce04f29bb1b3aa (x_refsource_MISC)
https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4 (x_refsource_MISC)