CVE-2026-29065 · CRITICAL 9.1 · EPSS p40.4%

Description

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. This issue has been patched in version 0.54.4.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.53% probability of exploitation · percentile 40.4% · 2026-06-19T12:03:05Z
Published: 2026-03-06
Last modified: 2026-03-10

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/dgtlmoon/changedetection.io/commit/1d7d812eb0faab37042246e2fbce04f29bb1b3aa
  2. https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4
  3. https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-25g8-2mcf-fcx9

Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-27696
  2. CVE-2025-66945
  3. CVE-2026-1311
  4. CVE-2025-49199
  5. CVE-2026-0805
  6. CVE-2026-33026

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.