CVE-2026-33143

High CVSS: 8.7

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update events without verifying the Meta/WhatsApp X-Hub-Signature-256 HMAC signature, allowing any unauthenticated attacker to send forged webhook payloads that manipulate notification delivery status records, suppress alerts, and corrupt audit trails. The codebase already implements proper signature verification for Slack webhooks. This issue has been patched in version 10.0.34.

Vendor

Hackerbay

Product

Oneuptime

CWE

CWE-345

Yayın Tarihi

2026-03-20 21:17:14

Güncelleme

2026-03-23 20:48:27

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-345 Oneuptime HIGH Hackerbay 2026

Referanslar

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-g5ph-f57v-mwjc

Benzer Kayıtlar

Critical

CVE-2026-34758

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to N…

Critical

CVE-2026-33396

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authentica…

High

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-3230…

Medium

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the…

Critical

CVE-2026-32306

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the telemetry aggregation API acc…

High

CVE-2026-32308

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.23, the Markdown viewer component ren…