CRITICAL🇵🇱 Wersja polska

CVE-2026-34758

CVSS 9.1v3.1pub. 2026-04-02upd. 2026-04-03

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Hackerbay Oneuptime

    APP
    Hackerbay
    < 10.0.40
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-34759CRITICAL9.2PL ✓ten sam produkt

Brak uwierzytelnienia w API powiadomień OneUptime — obejście autoryzacji

CVE-2026-35053CRITICAL9.2PL ✓ten sam produkt

Brak uwierzytelnienia w endpointach workflow w OneUptime (RCE)

CVE-2026-33396CRITICAL9.9PL ✓ten sam produkt

RCE w OneUptime — command injection przez Playwright w Synthetic Monitor

CVE-2026-32306CRITICAL9.9PL ✓ten sam produkt

SQL Injection w OneUptime — nieautoryzowany dostęp do bazy i potencjalny RCE

CVE-2026-30921CRITICAL9.9PL ✓ten sam produkt

OneUptime: RCE przez niebezpieczny Playwright sandbox w Synthetic Monitors