anonhaven
Ad

CVE-2026-34758

CRITICAL CVSS 3.1: 9.1 EPSS 0.03%
Updated Apr 03, 2026
Hackerbay
Parameter Value
CVSS 9.1 (CRITICAL)
Affected Versions before 10.0.40
Fixed In 10.0.42
Type CWE-306 (Missing Authentication for Critical Function)
Vendor Hackerbay
Public PoC No

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, unauthenticated access to Notification test and Phone Number management endpoints allows SMS/Call/Email/WhatsApp abuse and phone number purchase. This issue has been patched in version 10.0.42.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Hackerbay Oneuptime
cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*
 10.0.40

References 3

https://github.com/OneUptime/oneuptime/commit/9adbd04538714740506708d6fa610e433…
security-advisories@github.com
https://github.com/OneUptime/oneuptime/releases/tag/10.0.42
security-advisories@github.com
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-q253-6wcm-h8hp
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33396

Hackerbay

9.9

CVE-2026-33143

Hackerbay

8.7

CVE-2026-33142

Hackerbay

8.1

CVE-2026-32598

Hackerbay

6.9

CVE-2026-32308

Oneuptime

7.6