PT-2025-11539 · Unknown · Uptime Kuma
Published 2025-03-17 · Updated 2025-03-31 · CVE-2025-26042
CVSS v4.0: 6.7 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:L/SI:L/SA:L |
Name of the Vulnerable Software and Affected Versions
Uptime Kuma versions 1.23.0 and later
Description
Uptime Kuma is affected by a regular expression denial of service (ReDoS) vulnerability that is triggered when an administrator creates a notification through the web service. A string supplied in the notification data causes catastrophic backtracking in a regular expression, so processing the request consumes excessive CPU time and degrades the availability of the service.
Recommendations
For Uptime Kuma versions 1.23.0 and later, consider restricting the creation of notifications through the web service until a fix is available. As a temporary workaround, limit the input strings (for example, their length and allowed characters) that can be used when creating notifications, so that they cannot trigger the ReDoS vulnerability.
Fix
DoS
Affected Products
Uptime Kuma