anonhaven
Ad

CVE-2026-27728

CRITICAL CVSS 3.1: 9.9 EPSS 0.34%
Updated Feb 25, 2026
Oneuptime
Parameter Value
CVSS 9.9 (CRITICAL)
Type CWE-78 (OS Command Injection)
Vendor Oneuptime
Public PoC No

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-78 OS Command Injection

References 2

https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b…
security-advisories@github.com
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-35053

Oneuptime

9.2

CVE-2026-34840

Oneuptime

8.1

CVE-2026-33396

Hackerbay

9.9

CVE-2026-33142

Hackerbay

8.1

CVE-2026-32308

Oneuptime

7.6