CVE-2026-41895 Overview
CVE-2026-41895 is an XML External Entity (XXE) vulnerability in changedetection.io, a free open source web page change detection tool. Versions 0.54.9 and earlier are affected. The xpath_filter() function switches to XML mode when processing XML or RSS content and instantiates etree.XMLParser(strip_cdata=False) without disabling external entity resolution, external DTD loading, or network-backed entity lookup. The helper then parses untrusted XML bytes directly with etree.fromstring(...), exposing the application to XXE attacks via monitored XML or RSS feeds.
Critical Impact
Attackers controlling monitored XML/RSS content can trigger external entity resolution, enabling file disclosure and server-side request forgery against internal resources.
Affected Products
- changedetection.io versions 0.54.9 and earlier
- Self-hosted deployments parsing untrusted XML or RSS feeds
- Webtechnologies changedetection package
Discovery Timeline
- 2026-05-12 - CVE-2026-41895 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-41895
Vulnerability Analysis
The flaw resides in the xpath_filter() helper used to process content fetched from monitored URLs. When the helper detects XML or RSS input, it constructs an lxml.etree.XMLParser instance with strip_cdata=False but leaves entity resolution defaults enabled. The parser then consumes attacker-controlled bytes via etree.fromstring(...).
Because the parser does not set resolve_entities=False, no_network=True, or load_dtd=False, a crafted XML document can declare external entities that reference local files or remote URLs. Resolution occurs server-side within the changedetection.io process. This issue is categorized under [CWE-611] Improper Restriction of XML External Entity Reference.
Root Cause
The root cause is insecure default usage of lxml. The XMLParser constructor permits external entity resolution unless explicitly disabled. The vulnerable code path enables CDATA preservation but does not harden the parser against entity expansion, DTD loading, or outbound network lookups.
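The parser construction the analysis describes, shown hardened, as an added example (not code from changedetection.io or from the advisory). It keeps strip_cdata=False, which the application relies on, and sets the three lxml XMLParser arguments the text names (resolve_entities, no_network, load_dtd). A byte-level scanner for the DOCTYPE and SYSTEM-entity declarations listed under the detection guidance is included as a pre-parse check and fetch-log triage aid; the sample documents are constructed, and lxml is assumed to be installed only for the parse step.

```python
import re

try:
    from lxml import etree  # needed for the parse step only, not for the scanner
except ImportError:
    etree = None

# XMLParser settings: keep strip_cdata=False (the application's existing choice)
# and turn off the three behaviours the vulnerable code left at their defaults.
HARDENED_PARSER_KWARGS = {
    "strip_cdata": False,       # preserve CDATA, as the original parser does
    "resolve_entities": False,  # never expand entity references (file:// needs no network)
    "no_network": True,         # never fetch DTDs or entities over the network
    "load_dtd": False,          # never load an external DTD named in the DOCTYPE
}

# Byte-level indicators for fetch-log review: any DOCTYPE, a DOCTYPE that names
# an external DTD, and (parameter) entity declarations with SYSTEM or PUBLIC
# identifiers. The patterns are ASCII-only, so a UTF-16 body would slip past
# them; the parser settings above remain the actual control.
_INDICATORS = (
    ("doctype", re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)),
    ("external-dtd", re.compile(rb"<!DOCTYPE\s+\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)),
    ("external-entity", re.compile(rb"<!ENTITY\s+(?:%\s+)?\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)),
)


def scan_xml_for_dtd(data: bytes) -> list:
    """Return the indicator labels present in a raw XML/RSS body, in fixed order."""
    return [label for label, pattern in _INDICATORS if pattern.search(data)]


def parse_untrusted_xml(data: bytes, reject_dtd: bool = True):
    """Parse a fetched body with a hardened lxml parser.

    Most feeds carry no DOCTYPE, so refusing one up front is a reasonable default.
    Pass reject_dtd=False for feeds that legitimately declare entities; the parser
    flags then neutralise external resolution on their own.
    """
    findings = scan_xml_for_dtd(data)
    if reject_dtd and findings:
        raise ValueError("refusing XML with DTD constructs: " + ", ".join(findings))
    if etree is None:
        raise RuntimeError("lxml is required for the parse step")
    parser = etree.XMLParser(**HARDENED_PARSER_KWARGS)
    return etree.fromstring(data, parser=parser)


# Constructed samples (not taken from any real feed). The SYSTEM identifier in
# the second one points at /dev/null, so even an unhardened parser reads nothing.
BENIGN_RSS = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Status</title>
<item><title><![CDATA[All systems <ok>]]></title></item></channel></rss>"""

DTD_SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE rss [ <!ENTITY ext SYSTEM "file:///dev/null"> ]>
<rss version="2.0"><channel><title>&ext;</title></channel></rss>"""

if __name__ == "__main__":
    print(scan_xml_for_dtd(BENIGN_RSS))   # []
    print(scan_xml_for_dtd(DTD_SAMPLE))   # ['doctype', 'external-entity']
```

The scanner is deliberately a secondary signal: it gives the detection pipeline something to log and alert on, while the XMLParser arguments are what actually stop resolution, including file:// references that no_network alone would not block.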
Attack Vector
An attacker who can influence the content of a URL monitored by changedetection.io can serve a malicious XML or RSS payload. When the application fetches and parses the response, the embedded external entity references are resolved by the server. This permits reading local files accessible to the changedetection.io process and probing internal services reachable from the host.
The vulnerability is network-exploitable without authentication or user interaction, though attack complexity is rated high because the attacker must control or coerce a monitored feed.
No verified public exploit code is available. See the GitHub Security Advisory for additional technical detail.
Detection Methods for CVE-2026-41895
Indicators of Compromise
- Outbound DNS or HTTP requests from the changedetection.io host to unexpected external domains shortly after fetching a monitored URL
- Process reads of sensitive files such as /etc/passwd or application configuration by the changedetection.io worker
- XML payloads in fetch logs containing <!DOCTYPE declarations or <!ENTITY definitions referencing SYSTEM URIs
- Unusual internal network connections originating from the changedetection.io container or host
Detection Strategies
- Inspect HTTP response bodies fetched by changedetection.io for inline DTDs and external entity declarations
- Monitor for parser-initiated network egress that does not correspond to a watched URL
- Alert on file reads outside the application working directory by the changedetection.io process
Monitoring Recommendations
- Forward application and container logs to a centralized analytics platform for retention and correlation
- Baseline normal outbound destinations from the changedetection.io host and alert on deviations
- Track newly added watch URLs that return XML or RSS content types for review
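The egress check the detection and monitoring lists call for, as an added example (not tooling shipped with changedetection.io): connection records for the service account are compared against the hostnames of the configured watches, and any destination that is either internal or not on the watch list is raised as an alert. The log format and the watch list are constructed for this example, the service account name "changedetection" is an assumption, and the internal ranges go slightly beyond the RFC 1918 list in the workaround rules by also covering loopback and link-local (the latter is where cloud metadata endpoints live).

```python
import ipaddress
import re
from urllib.parse import urlsplit

SERVICE_USER = "changedetection"  # assumed service account name

# Ranges treated as internal: RFC 1918 plus loopback and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed watch list: the URLs the instance is configured to monitor.
WATCHED_URLS = [
    "https://feeds.example.com/news.rss",
    "https://status.example.org/feed.xml",
]

# Constructed egress records in a simple key=value form. A real deployment would
# feed in firewall, conntrack or eBPF connection logs attributed to the service user.
EGRESS_LOG = """\
2026-05-13T10:00:01Z uid=changedetection dst=feeds.example.com dst_ip=203.0.113.10 dport=443
2026-05-13T10:00:02Z uid=changedetection dst=status.example.org dst_ip=198.51.100.7 dport=443
2026-05-13T10:00:03Z uid=changedetection dst=169.254.169.254 dst_ip=169.254.169.254 dport=80
2026-05-13T10:00:04Z uid=changedetection dst=intranet-db.local dst_ip=10.20.30.40 dport=5432
2026-05-13T10:00:05Z uid=changedetection dst=unlisted-host.example dst_ip=192.0.2.55 dport=443
2026-05-13T10:00:06Z uid=www-data dst=10.0.0.5 dst_ip=10.0.0.5 dport=3306
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) uid=(?P<uid>\S+) dst=(?P<dst>\S+) dst_ip=(?P<ip>\S+) dport=(?P<port>\d+)$"
)


def watched_hosts(urls) -> set:
    """Hostnames the service is expected to contact, derived from the watch URLs."""
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_internal(ip_text: str) -> bool:
    """True when the address falls in one of INTERNAL_NETS (non-addresses are not internal)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def analyze_egress(log_text: str, urls, service_user: str = SERVICE_USER) -> list:
    """Return (timestamp, destination, reason) for every suspicious connection by the service user."""
    allowed = watched_hosts(urls)
    alerts = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["uid"] != service_user:
            continue  # malformed line, or a different account
        dst = m["dst"].lower()
        if is_internal(m["ip"]):
            alerts.append((m["ts"], dst, "internal-destination"))
        elif dst not in allowed:
            alerts.append((m["ts"], dst, "unlisted-destination"))
    return alerts


if __name__ == "__main__":
    for alert in analyze_egress(EGRESS_LOG, WATCHED_URLS):
        print(*alert)
```

Watched hosts that redirect elsewhere or sit behind CDNs will produce noise; treating the first run as the baseline and reviewing additions to the allow-list alongside newly added watches keeps the alert stream useful.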
How to Mitigate CVE-2026-41895
Immediate Actions Required
- Upgrade changedetection.io to a version newer than 0.54.9 once a patched release is available
- Restrict outbound network access from the changedetection.io host to only required destinations
- Audit the list of monitored URLs and remove untrusted sources serving XML or RSS content
- Run changedetection.io with least-privilege filesystem permissions to limit file disclosure impact
Patch Information
Refer to the changedetection.io GitHub Security Advisory GHSA-v7cp-2cx9-x793 for the authoritative fix guidance and patched version information.
Workarounds
- Block changedetection.io from resolving internal hostnames and accessing internal IP ranges at the network layer
- Remove or disable watches that consume XML or RSS feeds from untrusted publishers until the upgrade is applied
- Run the service in a sandboxed container with read-only mounts for sensitive paths
# Example: block host processes running as the changedetection service account (name assumed) from reaching RFC 1918 private ranges.
# This does not limit egress to DNS/HTTPS; loopback, link-local (169.254.0.0/16, cloud metadata) and port restrictions need separate rules.
# --uid-owner matches host processes only; traffic from a container traverses FORWARD and must be matched on the container's address instead.
# -I puts the rejects at the top of OUTPUT so they take precedence over any later ACCEPT rule.
iptables -I OUTPUT -m owner --uid-owner changedetection -d 10.0.0.0/8 -j REJECT
iptables -I OUTPUT -m owner --uid-owner changedetection -d 172.16.0.0/12 -j REJECT
iptables -I OUTPUT -m owner --uid-owner changedetection -d 192.168.0.0/16 -j REJECT
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.