Back to CVE List

CVE-2026-45102

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.9 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Description

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-693
Source
NVD
Vendor
OneUptime
Product
oneuptime

External References

Discussion (0)

Add Comment

No comments yet. Be the first!