PT-2026-44077 · Oneuptime · Oneuptime
Cristianstaicu
·
Published
2026-05-27
·
Updated
2026-05-30
·
CVE-2026-45102
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OneUptime versions prior to 10.0.98
Description
OneUptime is an open-source monitoring and observability platform. The software uses the Node.js
vm module as an isolation primitive. Because this API was not designed for isolation, it can be escaped through the use of error objects and infinite recursion.Recommendations
Update to version 10.0.98.
Exploit
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oneuptime