Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
CVE-2026-45102: OneUptime Monitoring Platform: Escalation of Privileges Risk
CVE-2026-45102
Summary
OneUptime's monitoring and observability platform has a security issue that could allow an attacker to gain elevated access. This issue affects versions prior to 10.0.98 and is resolved in the latest version. We recommend updating to the latest version to ensure security.
Original title
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be e...
Original description
OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.
nvd CVSS3.1
9.9
Vulnerability type
CWE-693
Protection Mechanism Failure
Published: 27 May 2026 · Updated: 30 May 2026 · First seen: 27 May 2026