๐Ÿ” CVE Alert

CVE-2026-41895

UNKNOWN 0.0

changedetection.io: XXE vulnerability in the changedetection.io project

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).
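The parser configuration described above, with the three missing restrictions set explicitly, as an added example (not code from changedetection.io or its advisory). The helper names, the sample feed and the canary file are constructed for illustration; the keyword arguments are lxml's own.

```python
import os
import tempfile
from pathlib import Path

from lxml import etree

CANARY = "constructed-canary-value"  # constructed marker, not real data


def hardened_parser() -> etree.XMLParser:
    # Keeps strip_cdata=False as in the description, and switches off entity
    # substitution, external DTD loading and network-backed lookups.
    return etree.XMLParser(
        strip_cdata=False,
        resolve_entities=False,
        load_dtd=False,
        no_network=True,
    )


def parse_untrusted_xml(data: bytes):
    # Hypothetical helper: always hand the explicit parser to fromstring().
    return etree.fromstring(data, parser=hardened_parser())


def feed_titles(data: bytes) -> list:
    # Ordinary XPath filtering still works on the hardened tree.
    root = parse_untrusted_xml(data)
    return [str(t) for t in root.xpath("//item/title/text()")]


def entity_probe_leaks() -> bool:
    # Regression probe: a document declaring an external entity that points at
    # a temp file we create ourselves. True means the parser expanded it.
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(CANARY)
        doc = (
            '<?xml version="1.0"?>'
            f'<!DOCTYPE rss [<!ENTITY probe SYSTEM "{Path(path).as_uri()}">]>'
            "<rss><channel><title>&probe;</title></channel></rss>"
        ).encode()
        return CANARY.encode() in etree.tostring(parse_untrusted_xml(doc))
    finally:
        os.unlink(path)


SAMPLE_FEED = b"""<rss><channel>
<item><title>First</title></item>
<item><title><![CDATA[A & B]]></title></item>
</channel></rss>"""
```

A probe like entity_probe_leaks() is suited to a unit test, so that a later change to the parser arguments is caught before release.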

CWE CWE-611
Vendor dgtlmoon
Product changedetection.io
Published May 12, 2026
Affected Versions

dgtlmoon / changedetection.io
<= 0.54.9

References

github.com: https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793