CVE-2026-45102

Description

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.

PUBLISHED Reserved 2026-05-08 | Published 2026-05-27 | Updated 2026-05-30 | Assigner GitHub_M

Problem types

CWE-693: Protection Mechanism Failure

Product status

References

github.com/...uptime/security/advisories/GHSA-g9cp-35m2-fjv6 exploit

github.com/...uptime/security/advisories/GHSA-g9cp-35m2-fjv6

cve.org (CVE-2026-45102)

nvd.nist.gov (CVE-2026-45102)

Download JSON