{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T17:46:07.465","vulnerabilities":[{"cve":{"id":"CVE-2026-27574","sourceIdentifier":"security-advisories@github.com","published":"2026-02-21T11:15:57.443","lastModified":"2026-02-23T20:36:09.117","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a security mechanism) to execute user-supplied code, allowing trivial sandbox escape via a well-known one-liner that grants full access to the underlying process. Because the probe runs with host networking and holds all cluster credentials (ONEUPTIME_SECRET, DATABASE_PASSWORD, REDIS_PASSWORD, CLICKHOUSE_PASSWORD) in its environment variables, and monitor creation is available to the lowest role (ProjectMember) with open registration enabled by default, any anonymous user can achieve full cluster compromise in about 30 seconds. This issue has been fixed in version 10.0.5."},{"lang":"es","value":"OneUptime es una solución para monitorear y gestionar servicios en línea. En las versiones 9.5.13 e inferiores, la función de monitor JavaScript personalizado utiliza el módulo node:vm de Node.js (documentado explícitamente como no un mecanismo de seguridad) para ejecutar código proporcionado por el usuario, permitiendo un escape trivial de la sandbox a través de una línea de código bien conocida que otorga acceso completo al proceso subyacente. Debido a que la sonda se ejecuta con red de host y guarda todas las credenciales del clúster (ONEUPTIME_SECRET, DATABASE_PASSWORD, REDIS_PASSWORD, CLICKHOUSE_PASSWORD) en sus variables de entorno, y la creación de monitores está disponible para el rol más bajo (ProjectMember) con el registro abierto habilitado por defecto, cualquier usuario anónimo puede lograr un compromiso completo del clúster en aproximadamente 30 segundos. Este problema ha sido solucionado en la versión 10.0.5."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.5","matchCriteriaId":"06EDB4AF-54CB-4AF9-B070-9AB3C45CCDC8"}]}]}],"references":[{"url":"https://github.com/OneUptime/oneuptime/commit/7f9ed4d43945574702a26b7c206e38cc344fe427","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-v264-xqh4-9xmm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}