Account Takeover Vulnerability in OneUptime Monitoring Solution
CVE-2026-32598

6.9 MEDIUM

Key Information:

Vendor: Oneuptime
Status: Vendor
CVE Published: 12 March 2026

What is CVE-2026-32598?

OneUptime, a service monitoring and management tool, has a vulnerability that undermines account security: it logs the complete password reset URL, which includes the plaintext reset token, at INFO level by default. Anyone with access to the application logs can therefore read these tokens and use them to reset a victim's password. If exploited, an attacker gains unauthorized access to user accounts. The issue has been resolved in version 10.0.24; it highlights the importance of secure log management, in particular keeping credentials and one-time tokens out of log output.
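The defensive pattern the advisory points at, as an added TypeScript example that is not OneUptime's code: the anti-pattern that writes the full reset link to a log beside a replacement that redacts the token and keeps only a non-reversible fingerprint for correlation. The URL shape and the query-parameter names are assumptions, since the page does not show them.

```typescript
import { createHash } from "crypto";

// Query parameter names treated as secrets. These names are assumptions for
// this example; the page does not give OneUptime's actual parameter name.
const SECRET_PARAMS = new Set(["token", "resetToken", "code"]);
// Long opaque path segments are treated as embedded tokens too.
const OPAQUE_SEGMENT = /^[A-Za-z0-9_-]{32,}$/;

// The pattern behind CVE-2026-32598: the full reset URL, plaintext token
// included, goes to an INFO-level log line. Kept here only as the anti-pattern.
function vulnerableLogLine(resetUrl: string): string {
  return `INFO Password reset link sent: ${resetUrl}`;
}

// Short one-way fingerprint: lets an operator correlate one reset flow across
// log lines without the log ever holding a token that could be replayed.
function fingerprint(secret: string): string {
  return createHash("sha256").update(secret).digest("hex").slice(0, 12);
}

// Redact every token-bearing part of the URL; refuse to log unparsable input.
function redactResetUrl(resetUrl: string): { safeUrl: string; tokenFingerprint?: string } {
  let url: URL;
  try {
    url = new URL(resetUrl);
  } catch {
    return { safeUrl: "[invalid-url]" };
  }
  let tokenFingerprint: string | undefined;
  for (const [name, value] of [...url.searchParams.entries()]) {
    if (SECRET_PARAMS.has(name)) {
      if (tokenFingerprint === undefined) tokenFingerprint = fingerprint(value);
      url.searchParams.set(name, "REDACTED");
    }
  }
  url.pathname = url.pathname
    .split("/")
    .map((seg) => {
      if (!OPAQUE_SEGMENT.test(seg)) return seg;
      if (tokenFingerprint === undefined) tokenFingerprint = fingerprint(seg);
      return "REDACTED";
    })
    .join("/");
  return { safeUrl: url.toString(), tokenFingerprint };
}

// Hardened replacement for vulnerableLogLine: same log line, no usable secret.
function safeLogLine(resetUrl: string): string {
  const { safeUrl, tokenFingerprint } = redactResetUrl(resetUrl);
  return `INFO Password reset link sent: ${safeUrl} token_fp=${tokenFingerprint ?? "none"}`;
}
```

The same redaction belongs on every sink, not just the logger: error trackers and request-tracing middleware that serialise outgoing URLs leak the token in exactly the same way.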

Affected Version(s)

oneuptime < 10.0.24

References

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved