CVE-2026-29065
CRITICAL WAF: High
CVSS 9.1
Published: 2026-03-06
CWE-22
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| webtechnologies | changedetection | up to 0.54.4 |
References
- github.com (Patch)
- github.com (Product, Release Notes)
- github.com (Exploit, Vendor Advisory)