{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27696", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-23T17:56:51.202Z", "datePublished": "2026-02-25T04:16:22.764Z", "dateUpdated": "2026-02-25T14:51:16.695Z"}, "containers": {"cna": {"title": "changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"}, {"name": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b", "tags": ["x_refsource_MISC"], "url": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b"}], "affected": [{"vendor": "dgtlmoon", "product": "changedetection.io", "versions": [{"version": "< 0.54.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T04:16:22.764Z"}, "descriptions": [{"lang": "en", "value": "changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI \u2014 enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue."}], "source": {"advisory": "GHSA-3c45-4pj5-ch7m", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T14:51:00.509715Z", "id": "CVE-2026-27696", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T14:51:16.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27696", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T14:51:00.509715Z"}}}], "references": [{"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T14:51:11.760Z"}}], "cna": {"title": "changedetection.io Vulnerable to Server-Side Request Forgery (SSRF) via Watch URLs", "source": {"advisory": "GHSA-3c45-4pj5-ch7m", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "dgtlmoon", "product": "changedetection.io", "versions": [{"status": "affected", "version": "< 0.54.1"}]}], "references": [{"url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m", "name": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b", "name": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI \u2014 enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T04:16:22.764Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27696", "state": "PUBLISHED", "dateUpdated": "2026-02-25T14:51:16.695Z", "dateReserved": "2026-02-23T17:56:51.202Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-25T04:16:22.764Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webtechnologies:changedetection:*:*:*:*:*:*:*:*", "matchCriteriaId": "582BB3C2-9FD0-4217-A5DF-67ACC72BA029", "versionEndExcluding": "0.54.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI \u2014 enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue."}, {"lang": "es", "value": "changedetection.io es una herramienta gratuita de c\u00f3digo abierto para la detecci\u00f3n de cambios en p\u00e1ginas web. En versiones anteriores a la 0.54.1, changedetection.io es vulnerable a la Falsificaci\u00f3n de Petici\u00f3n del Lado del Servidor (SSRF) porque la funci\u00f3n de validaci\u00f3n de URL 'is_safe_valid_url()' no valida la direcci\u00f3n IP resuelta de las URL de vigilancia frente a rangos de direcciones privadas, de bucle invertido o de enlace local. Un usuario autenticado (o cualquier usuario cuando no hay contrase\u00f1a configurada, que es el valor predeterminado) puede a\u00f1adir una vigilancia para URL de red internas. La aplicaci\u00f3n obtiene estas URL del lado del servidor, almacena el contenido de la respuesta y lo hace visible a trav\u00e9s de la interfaz de usuario web \u2014 lo que permite la exfiltraci\u00f3n completa de datos de servicios internos. La versi\u00f3n 0.54.1 contiene una soluci\u00f3n para el problema."}], "id": "CVE-2026-27696", "lastModified": "2026-02-26T15:34:26.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-25T05:17:26.940", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/dgtlmoon/changedetection.io/commit/fe7aa38c651d73fe5f41ce09855fa8f97193747b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-3c45-4pj5-ch7m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.54.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "changedetection.io", "source": "cna", "vendor": "dgtlmoon"}, "product": "changedetection.io", "vendor": "dgtlmoon"}], "created": "2026-02-25T11:34:36.780729+00:00", "updated": "2026-02-25T11:34:36.780851+00:00", "vendors": ["dgtlmoon", "dgtlmoon$PRODUCT$changedetection.io"]}