OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NHackerbay Oneuptime
APPHackerbay< 10.0.40
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-34759CRITICAL9.2PL ✓ten sam produkt
Brak uwierzytelnienia w API powiadomień OneUptime — obejście autoryzacji
CVE-2026-35053CRITICAL9.2PL ✓ten sam produkt
Brak uwierzytelnienia w endpointach workflow w OneUptime (RCE)
CVE-2026-33396CRITICAL9.9PL ✓ten sam produkt
RCE w OneUptime — command injection przez Playwright w Synthetic Monitor
CVE-2026-32306CRITICAL9.9PL ✓ten sam produkt
SQL Injection w OneUptime — nieautoryzowany dostęp do bazy i potencjalny RCE
CVE-2026-30921CRITICAL9.9PL ✓ten sam produkt
OneUptime: RCE przez niebezpieczny Playwright sandbox w Synthetic Monitors