MeldSecurity
Press Enter to search
CVE Database & Search β†’
Sign In Get Started

CVE-2026-27696

πŸ”΄ HIGH

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation...

Published
Feb 25, 2026
Last Modified
Feb 25, 2026
Views
7
Bookmarks
0

Description

Request Expert Review

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI β€” enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue.

CVSS Scores

CVSS 3.1 8.6
8.6
HIGH
CVSS 2.0 8.6

References

github.com github.com

Additional Information

Source
security-advisories@github.com
State
Received

Related CVEs

CVE-2026-3150

MEDIUM

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teac...

Score: 6.3

CVE-2026-3149

MEDIUM

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/...

Score: 6.3

CVE-2026-3148

HIGH

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. T...

Score: 7.3

CVE-2026-27645

MEDIUM

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID...

Score: 6.1

CVE-2026-27624

HIGH

Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied...

Score: 7.2

CVE-2025-0976

MEDIUM

Information Exposure Vulnerability inΒ Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager.This issue affects Hitachi Ops Cente...

Score: 4.7

Share CVE-2026-27696

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2026-27696 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis