CVE-2026-41895

Source
https://cve.org/CVERecord?id=CVE-2026-41895
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41895.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41895
Aliases
Published
2026-05-12T16:52:23.680Z
Modified
2026-07-08T08:13:13.218370380Z
Severity
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
changedetection.io: XXE vulnerability in the changedetection.io project
Details

changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpathfilter() switches to XML mode for XML/RSS content and creates etree.XMLParser(stripcdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41895.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-611"
    ]
}
References

Affected packages

Git / github.com/dgtlmoon/changedetection.io

Affected ranges

Type
GIT
Repo
https://github.com/dgtlmoon/changedetection.io
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:webtechnologies:changedetection:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.54.9"
        }
    ]
}

Affected versions

0.*
0.1
0.11
0.12
0.2
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
0.34
0.35
0.37
0.38
0.38.1
0.38.2
0.39
0.39.1
0.39.10
0.39.11
0.39.12
0.39.13
0.39.13.1
0.39.14
0.39.15
0.39.16
0.39.17
0.39.17.1
0.39.17.2
0.39.18
0.39.19
0.39.19.1
0.39.2
0.39.20
0.39.20.1
0.39.20.2
0.39.20.3
0.39.20.4
0.39.21
0.39.21.1
0.39.22
0.39.22.1
0.39.3
0.39.4
0.39.5
0.39.6
0.39.7
0.39.8
0.39.9
0.40.0
0.40.0.2
0.40.0.3
0.40.0.4
0.40.1.0
0.40.1.1
0.40.2
0.40.3
0.41
0.41.1
0.42
0.42.1
0.42.2
0.42.3
0.43
0.43.1
0.43.2
0.44
0.44.1
0.44.2
0.45
0.45.1
0.45.10
0.45.12
0.45.13
0.45.14
0.45.15
0.45.16
0.45.17
0.45.18
0.45.19
0.45.2
0.45.20
0.45.21
0.45.22
0.45.23
0.45.24
0.45.25
0.45.26
0.45.3
0.45.4
0.45.5
0.45.6
0.45.7
0.45.7.1
0.45.7.2
0.45.7.3
0.45.8
0.45.8.1
0.45.9
0.46.00
0.46.01
0.46.02
0.46.03
0.46.04
0.47.00
0.47.01
0.47.03
0.47.04
0.47.05
0.47.06
0.48.00
0.48.01
0.48.03
0.48.04
0.48.05
0.48.06
0.49.0
0.49.1
0.49.10
0.49.11
0.49.12
0.49.13
0.49.14
0.49.15
0.49.16
0.49.17
0.49.18
0.49.2
0.49.3
0.49.4
0.49.5
0.49.6
0.49.7
0.49.8
0.49.9
0.50.01
0.50.1
0.50.10
0.50.11
0.50.12
0.50.13
0.50.14
0.50.15
0.50.16
0.50.17
0.50.18
0.50.19
0.50.2
0.50.20
0.50.21
0.50.22
0.50.23
0.50.24
0.50.25
0.50.26
0.50.27
0.50.28
0.50.29
0.50.3
0.50.30
0.50.31
0.50.32
0.50.33
0.50.34
0.50.35
0.50.37
0.50.38
0.50.39
0.50.4
0.50.40
0.50.41
0.50.42
0.50.43
0.50.5
0.50.6
0.50.7
0.50.8
0.50.9
0.51.00
0.51.01
0.51.1
0.51.2
0.51.3
0.51.4
0.52.1
0.52.2
0.52.3
0.52.4
0.52.5
0.52.7
0.52.8
0.52.9
0.53.1
0.53.2
0.53.3
0.53.4
0.53.5
0.53.6
0.53.7
0.54.1
0.54.2
0.54.3
0.54.4
0.54.5
0.54.6
0.54.7
0.54.8
0.54.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41895.json"