Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Sensitive data exposed in UptimeFlare configuration file
CVE-2026-29779
Summary
UptimeFlare's configuration file accidentally exposed sensitive server data to all website visitors. This is a security risk because it could allow unauthorized access to confidential information. The issue has been fixed, but users should ensure they have the latest version of the affected software.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| lyc8503 | uptimeflare | <= 2026-03-04 | – |
Original title
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for c...
Original description
UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to pages/incidents.tsx importing and using workerConfig directly inside client-side component code, the entire workerConfig object was included in the client-side JavaScript bundle served to all visitors. This issue has been patched via commit 377a596.
nvd CVSS3.1
7.5
Vulnerability type
CWE-200
Information Exposure
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026