NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41895

Summary	changedetection.io is a free open source web page change detection tool. In 0.54.9 and earlier, xpath_filter() switches to XML mode for XML/RSS content and creates etree.XMLParser(strip_cdata=False) without explicitly disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...).
Publication Date	May 13, 2026, 3:17 a.m.
Registration Date	May 13, 2026, 4:15 a.m.
Last Update	May 13, 2026, 3:17 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-v7cp-2cx9-x793	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-611	XML 外部エンティティ参照の不適切な制限	https://cwe.mitre.org/data/definitions/611.html