PT-2026-29875 · Oneuptime · Oneuptime
Axel-Corsiez · Published 2026-04-02 · Updated 2026-04-03
CVE-2026-34758
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OneUptime versions prior to 10.0.42
Description
In OneUptime, an open-source monitoring and observability platform, the Notification test and Phone Number management endpoints could be accessed without authentication. This allowed abuse, including SMS, call, email, and WhatsApp spamming, as well as unauthorized phone number purchases. Attackers could potentially drain budgets and flood targets with unwanted messages.
Recommendations
Update to version 10.0.42 or later.
Exploit
Fix
Missing Authentication
Affected Products
Oneuptime