CVE-2026-29779

Name of the Vulnerable Software and Affected Versions UptimeFlare versions prior to commit 377a596

Description UptimeFlare, a serverless uptime monitoring and status page solution powered by Cloudflare Workers, had a configuration issue. The uptime.config.ts file exported both pageConfig (intended for client use) and workerConfig (containing sensitive server-only data) from the same module. The client-side component pages/incidents.tsx directly imported and used the workerConfig object, resulting in the inclusion of sensitive data within the client-side JavaScript bundle served to all visitors. This issue was addressed with commit 377a596. The workerConfig contains sensitive data.

Recommendations Update to commit 377a596 or later.