XSS Vulnerability in OneUptime Monitoring Solution
CVE-2026-32308

7.6 HIGH

Key Information:

Vendor: Oneuptime

Status
Vendor
CVE Published: 12 March 2026

What is CVE-2026-32308?

OneUptime is a monitoring and management solution for online services. In versions prior to 10.0.23, its Markdown viewer component renders Mermaid diagrams with the Mermaid security level set to 'loose', which allows cross-site scripting (XSS). With that setting, the click directive in a Mermaid diagram can bind events that execute arbitrary JavaScript. All Markdown-rendering fields, such as incident descriptions and status page announcements, are affected and can serve as vectors for exploitation. The issue has been resolved in version 10.0.23.
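The following is an added example, not OneUptime's code or its fix: a defender-side check that flags a Mermaid configuration whose `securityLevel` leaves click bindings enabled, and scans stored Markdown for click directives inside Mermaid fences. The function names and the sample Markdown are constructed for illustration; the `securityLevel` values are Mermaid's documented options.

```javascript
// Added example: audit a Mermaid config and scan stored Markdown for click directives.
// auditMermaidConfig, findClickDirectives and sampleMarkdown are hypothetical names.

// Mermaid securityLevel values that leave click handling enabled.
const CLICK_ENABLED_LEVELS = new Set(['loose', 'antiscript']);

// Returns a list of findings for a config object passed to mermaid.initialize().
function auditMermaidConfig(config) {
  const level = (config && config.securityLevel) || 'strict'; // Mermaid's default
  const findings = [];
  if (CLICK_ENABLED_LEVELS.has(level)) {
    findings.push(`securityLevel '${level}' enables click bindings; use 'strict' or 'sandbox'`);
  }
  return findings;
}

// Returns [{ line, text }] for every click directive inside a mermaid code fence.
function findClickDirectives(markdown) {
  const hits = [];
  let inMermaid = false;
  markdown.split(/\r?\n/).forEach((raw, idx) => {
    const text = raw.trim();
    if (!inMermaid && /^(```|~~~)\s*mermaid\b/i.test(text)) {
      inMermaid = true; // opening fence of a Mermaid diagram
    } else if (inMermaid && /^(```|~~~)\s*$/.test(text)) {
      inMermaid = false; // closing fence
    } else if (inMermaid && /^click\s+\S+/i.test(text)) {
      hits.push({ line: idx + 1, text });
    }
  });
  return hits;
}

// Constructed sample: an incident description containing one Mermaid diagram.
const sampleMarkdown = [
  '## Incident summary',
  'The word click outside a diagram is not flagged.',
  '```mermaid',
  'graph TD',
  '  A[API] --> B[Database]',
  '  click A call exampleHandler()',
  '```',
].join('\n');

console.log(auditMermaidConfig({ startOnLoad: false, securityLevel: 'loose' }));
console.log(auditMermaidConfig({ startOnLoad: false, securityLevel: 'strict' }));
console.log(findClickDirectives(sampleMarkdown));
```

A hit from the scanner is a review prompt for that field's content on an instance that ran a version before 10.0.23, not proof of exploitation.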

Affected Version(s)

oneuptime < 10.0.23

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
