CVE-2026-30887

CRITICAL EPSS 30.6%
Published Mar 10, 20263mo ago · Modified Jun 17, 20261w ago
9.9 CVSS 3.1
Critical
Find Similar
Published Mar 10, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.18, OneUptime allows project members to run custom Playwright/JavaScript code via Synthetic Monitors to test websites. However, the system executes this untrusted user code inside the insecure Node.js vm module. By leveraging a standard prototype-chain escape (this.constructor.constructor), an attacker can bypass the sandbox, gain access to the underlying Node.js process object, and execute arbitrary system commands (RCE) on the oneuptime-probe container. Furthermore, because the probe holds database/cluster credentials in its environment variables, this directly leads to a complete cluster compromise. This vulnerability is fixed in 10.0.18.

CVSS Details

Base Score
9.9
Exploitability
3.1
Impact
6.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
30.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 1

VendorProductVersionRange
hackerbayoneuptime* <10.0.18

References 1

  • github.com https://github.com/OneUptime/oneuptime/security/advisories/GHSA-h343-gg57-2q67
    ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.