CVE-2026-27728 Oneuptime — Exploit & Vulnerability Details CRITICAL

Parameter	Value
CVSS	9.9 (CRITICAL)
Type	CWE-78 (OS Command Injection (Внедрение команд ОС))
Vendor	Oneuptime
Public PoC	No

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

Low

Нужны базовые права

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

High

Полная утечка данных

Integrity

High

Полная модификация данных

Availability

High

Полный отказ в обслуживании

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection (Внедрение команд ОС)

References 2

https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b…

security-advisories@github.com

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28787

Oneuptime

8.2

CVE-2026-27574

Oneuptime

9.9

Menu

CVE-2026-27728

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-28787

CVE-2026-27574

CVE Details

Editor's Choice