CVE-2026-30957

{"id": "CVE-2026-30957", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2026-03-10T18:18:54.737", "references": [{"url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jw8q-gjvg-8w4q", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-749"}]}], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page objects are exposed to it. A malicious user can call Playwright APIs on the injected browser object and cause the probe to spawn an attacker-controlled executable. This is a server-side remote code execution issue. It does not require a separate vm sandbox escape. This vulnerability is fixed in 10.0.21."}, {"lang": "es", "value": "OneUptime es una soluci\u00f3n para monitorear y gestionar servicios en l\u00ednea. Antes de la versi\u00f3n 10.0.21, los Monitores Sint\u00e9ticos de OneUptime permiten a un usuario de proyecto autenticado con bajos privilegios ejecutar comandos arbitrarios en el servidor/contenedor oneuptime-probe. La causa ra\u00edz es que el c\u00f3digo no confiable del Monitor Sint\u00e9tico se ejecuta dentro de la vm de Node mientras que objetos de navegador y p\u00e1gina de Playwright del reino del host en vivo est\u00e1n expuestos a \u00e9l. Un usuario malicioso puede llamar a las API de Playwright en el objeto de navegador inyectado y hacer que la sonda genere un ejecutable controlado por el atacante. Este es un problema de ejecuci\u00f3n remota de c\u00f3digo de lado del servidor. No requiere un escape de sandbox de vm separado. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 10.0.21."}], "lastModified": "2026-03-12T14:11:29.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED54DE0A-2CD8-4372-BECA-6F3AF29F2C2B", "versionEndExcluding": "10.0.21"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}