OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.
| Źródło | Link | Uwagi |
|---|---|---|
| NVD (NIST) | https://nvd.nist.gov/vuln/detail/CVE-2026-27728 | Karta CVE w NVD |
| CISA KEV | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-27728 | Wyszukiwanie CVE w KEV |
| FIRST EPSS | https://api.first.org/data/v1/epss?cve=CVE-2026-27728 | API EPSS dla CVE |
| security-advisories@github.com | https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1 | Patch |
| security-advisories@github.com | https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5 | Exploit, Vendor Advisory |