{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T08:16:40.778","vulnerabilities":[{"cve":{"id":"CVE-2026-27728","sourceIdentifier":"security-advisories@github.com","published":"2026-02-25T17:25:40.103","lastModified":"2026-03-02T18:56:30.610","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability."},{"lang":"es","value":"OneUptime es una solución para monitorear y gestionar servicios en línea. Antes de la versión 10.0.7, una vulnerabilidad de inyección de comandos del sistema operativo en `NetworkPathMonitor.performTraceroute()` permite a cualquier usuario de proyecto autenticado ejecutar comandos arbitrarios del sistema operativo en el servidor Probe al inyectar metacaracteres de shell en el campo de destino de un monitor. La versión 10.0.7 corrige la vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.7","matchCriteriaId":"6FD1CDBC-9031-428E-ABC5-1FED83248B5D"}]}]}],"references":[{"url":"https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}