CVE-2026-34758

CVSS v3.1

9.1

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42.

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-34758

Affected Products

Oneuptime

CVE-2026-34758

Weakness Enumeration

Related Identifiers

Affected Products

References · 4