CVE-2026-29065

Name of the Vulnerable Software and Affected Versions changedetection.io versions prior to 0.54.4

Description A Zip Slip vulnerability exists in the backup restore functionality, allowing arbitrary file overwrite via path traversal in uploaded ZIP archives. The application uses zipfile.extractall() without validating entry paths, enabling attackers to escape the extraction directory using '../' sequences. A malicious ZIP archive can contain entries crafted to overwrite sensitive files, such as the Flask secret key (/secret.txt), application settings (changedetection.json), and watch configurations (url-watches.json or watch.json within a UUID directory). The vulnerability is triggered by uploading a specially crafted ZIP archive via the backup restore functionality at the /backups/restore endpoint. The restore backup() function (lines 50-53) is vulnerable. Attackers can upload ZIP files containing malicious content, which is then written to sensitive locations on the system.

Recommendations Versions prior to 0.54.4 should be updated to version 0.54.4 or later.