Information disclosure in Dgtlmoon Changedetection.io

CVE-2026-33981

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as…

Vulnerability class: Information Disclosure

EPSS: 0.000 (4.9th percentile) — read the EPSS interpretation.

Affected products

Dgtlmoon Changedetection.io — versions < 0.54.7

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-58r7-4wr5-hfx8 (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/commit/65517a9c74a0cbe1a4661314470b28131ef5557f (x_refsource_MISC)
https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.7 (x_refsource_MISC)