CVE-2026-27728

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

CVSS v3 9.9 CRITICAL

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1	Patch
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-25 17:25

Updated : 2026-03-02 18:56

NVD link : CVE-2026-27728

Mitre link : CVE-2026-27728

CVE.ORG link : CVE-2026-27728

JSON object : View

Products Affected

hackerbay

oneuptime

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-27728", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-02-25T17:25:40.103", "references": [{"url": "https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability."}, {"lang": "es", "value": "OneUptime es una soluci\u00f3n para monitorear y gestionar servicios en l\u00ednea. Antes de la versi\u00f3n 10.0.7, una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en `NetworkPathMonitor.performTraceroute()` permite a cualquier usuario de proyecto autenticado ejecutar comandos arbitrarios del sistema operativo en el servidor Probe al inyectar metacaracteres de shell en el campo de destino de un monitor. La versi\u00f3n 10.0.7 corrige la vulnerabilidad."}], "lastModified": "2026-03-02T18:56:30.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD1CDBC-9031-428E-ABC5-1FED83248B5D", "versionEndExcluding": "10.0.7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}