PT-2026-29882 · Xml2Js+2

Dmbs335 · Published 2026-04-02 · Updated 2026-04-14 · CVE-2026-34840

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 10.0.42

Description: OneUptime, an open-source monitoring and observability platform, had a flaw in its SAML SSO implementation located in App/FeatureSet/Identity/Utils/SSO.ts. The issue stemmed from a separation between signature verification and identity extraction. The isSignatureValid() function verified the signature of the first element using xml-crypto, while the getEmail() function always retrieved the email from the first assertion via xml2js. This allowed an attacker to prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, leading to authentication bypass.

Recommendations: Update to version 10.0.42 or later.
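The decoupling described above, shown as an added example that is not OneUptime's SSO.ts nor the code of xml-crypto or xml2js: one function reproduces the advisory's pattern (signature checked on the first signed element, identity read from the first assertion), the other reads the identity from the same node whose signature was verified. To run offline with only Node's crypto module, a keyed HMAC over the assertion bytes stands in for XML-DSig, a regex extractor stands in for xml2js, and the key, element names and sample responses are all constructed for the example.

```typescript
// Added example, not OneUptime's SSO.ts: the defect is that the node whose
// signature is verified and the node the identity is read from can differ.
// Stand-ins so this runs offline with only Node's crypto module (assumptions):
//   - a keyed HMAC over the assertion bytes plays the role of XML-DSig/xml-crypto
//   - a regex extractor plays the role of xml2js
//   - the key and every sample response below are constructed for the example
import { createHmac, timingSafeEqual } from "crypto";

const IDP_KEY = "constructed-idp-signing-key"; // stand-in for the IdP certificate

interface Assertion {
  raw: string;              // the whole <Assertion>...</Assertion> element
  email: string;            // its <NameID> text
  signature: string | null; // its <Signature> text, if any
}

// Stand-in for xml2js: every <Assertion> in document order.
function parseAssertions(doc: string): Assertion[] {
  const out: Assertion[] = [];
  const re = /<Assertion\b[^>]*>([\s\S]*?)<\/Assertion>/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(doc)) !== null) {
    const body = m[1] ?? "";
    out.push({
      raw: m[0],
      email: /<NameID>([^<]*)<\/NameID>/.exec(body)?.[1] ?? "",
      signature: /<Signature>([^<]*)<\/Signature>/.exec(body)?.[1] ?? null,
    });
  }
  return out;
}

// Bytes covered by the signature: the assertion with its own <Signature>
// removed, mirroring an enveloped-signature transform.
function signedBytes(a: Assertion): string {
  return a.raw.replace(/<Signature>[^<]*<\/Signature>/, "");
}

// Stand-in for xml-crypto: verify the MAC of exactly this assertion node.
function isSignatureValid(a: Assertion): boolean {
  if (a.signature === null) return false;
  const expected = createHmac("sha256", IDP_KEY).update(signedBytes(a)).digest();
  const given = Buffer.from(a.signature, "hex");
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// The pattern the advisory describes: the signature check runs on the first
// signed element found, but the identity is read from assertions[0].
function getEmailVulnerable(doc: string): string | null {
  const assertions = parseAssertions(doc);
  const firstSigned = assertions.find((a) => a.signature !== null);
  if (firstSigned === undefined || !isSignatureValid(firstSigned)) return null;
  return assertions[0]?.email ?? null; // may be a different, unsigned node
}

// Hardened: accept exactly one assertion and read the identity from the very
// node whose signature was verified, so the two can never be decoupled.
function getEmailHardened(doc: string): string | null {
  const assertions = parseAssertions(doc);
  if (assertions.length !== 1) return null;
  const only = assertions[0] as Assertion;
  if (!isSignatureValid(only)) return null;
  return only.email;
}

// Constructed IdP side, used only to build the sample responses.
function makeSignedAssertion(email: string): string {
  const unsigned = `<Assertion><NameID>${email}</NameID></Assertion>`;
  const mac = createHmac("sha256", IDP_KEY).update(unsigned).digest("hex");
  return `<Assertion><NameID>${email}</NameID><Signature>${mac}</Signature></Assertion>`;
}

// Constructed samples: a valid response, the same response with an unsigned
// assertion prepended (the shape the advisory describes), and one whose signed
// NameID was altered after signing.
const LEGIT_RESPONSE = `<Response>${makeSignedAssertion("alice@example.com")}</Response>`;
const PREPENDED_RESPONSE =
  `<Response><Assertion><NameID>other@example.com</NameID></Assertion>` +
  `${makeSignedAssertion("alice@example.com")}</Response>`;
const TAMPERED_RESPONSE = LEGIT_RESPONSE.replace("alice@", "mallory@");

console.log(getEmailVulnerable(PREPENDED_RESPONSE)); // other@example.com
console.log(getEmailHardened(PREPENDED_RESPONSE));   // null
```

The property the hardened variant enforces is the one the advisory's fix needs: the identity must come from the node that the verifier actually checked. Requiring exactly one assertion is an additional, common service-provider policy; it is not a substitute for reading the identity from the verified node.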

Fix

Weakness Enumeration
Improper Verification of Cryptographic Signature

Related Identifiers
CVE-2026-34840

Affected Products
Oneuptime
Xml-Crypto
Xml2Js