CVE-2026-45102

Published: Mag 27, 2026 Last Modified: Mag 27, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,9

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.

693

Protection Mechanism Failure

Draft

Abstraction: Pillar Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Bypass Protection Mechanism

Applicable Platforms

Technologies: Not Technology-Specific, ICS/OT

View CWE Details

https://github.com/OneUptime/oneuptime/security/advisories/…

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-g9cp-35m2-fjv6

CVE-2026-45102

Description

Protection Mechanism Failure

Common Consequences

Applicable Platforms

Iscriviti alla newsletter