CVE-2026-27728

Critical CVSS: 9.9

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

Vendor

Hackerbay

Product

Oneuptime

CWE

CWE-78

Yayın Tarihi

2026-02-25 17:25:40

Güncelleme

2026-03-02 18:56:30

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Oneuptime CRITICAL Hackerbay 2026

Referanslar

https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1 https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5

Benzer Kayıtlar

Critical

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to N…

Critical

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authentica…

High

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-3230…

High

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook…

Medium

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the…

Critical

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API acc…