SQL Injection Vulnerability in OneUptime Monitoring Software
CVE-2026-33142

8.1 HIGH

Key Information:

Vendor: OneUptime

Status
Vendor
CVE Published: 20 March 2026

What is CVE-2026-33142?

OneUptime, a service management solution, is susceptible to SQL injection because several query construction methods do not adequately validate column names, so attackers can craft malicious SQL queries through user-controlled keys. Prior to version 10.0.34, the application failed to properly validate inputs in the toSortStatement, toSelectStatement, and toGroupByStatement methods, which could allow unauthorized access to sensitive data through modified analytics endpoints. The vulnerability is addressed in version 10.0.34.
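The class of bug described above, shown as an added illustration that is not OneUptime's code: a sort-clause builder that concatenates user-controlled keys as column names, next to a version that checks every key against a known column set. The function names, the `LOG_COLUMNS` set and the request bodies are hypothetical and constructed for this example; the same check applies to select and group-by fragments.

```typescript
// Added illustration: hypothetical query-fragment builders, not OneUptime source.
// Assumed column set for a constructed analytics table.
const LOG_COLUMNS: ReadonlySet<string> = new Set(["createdAt", "severity", "serviceId"]);

// Vulnerable pattern: request-body keys are concatenated into SQL as identifiers.
function naiveSortStatement(sort: Record<string, string>): string {
  return Object.keys(sort).map((key) => `${key} ${sort[key]}`).join(", ");
}

// Shared check for sort, select and group-by builders: every key must be a known column.
function validateColumns(keys: string[], columns: ReadonlySet<string>): string[] {
  const unknown = keys.filter((k) => !columns.has(k));
  if (unknown.length > 0) {
    throw new Error(`Unknown column(s): ${JSON.stringify(unknown)}`);
  }
  return keys.map((k) => `"${k}"`); // safe to quote: the value came from the allow-list
}

// Hardened pattern: allow-listed columns plus a closed set of sort directions.
function safeSortStatement(sort: Record<string, string>, columns: ReadonlySet<string>): string {
  const keys = Object.keys(sort);
  const quoted = validateColumns(keys, columns);
  return keys.map((key, i) => {
    const dir = String(sort[key]).toUpperCase();
    if (dir !== "ASC" && dir !== "DESC") {
      throw new Error(`Invalid sort direction for ${key}`);
    }
    return `${quoted[i]} ${dir}`;
  }).join(", ");
}

// Constructed request bodies: one benign, one with SQL smuggled into the key.
const benignSort: Record<string, string> = { createdAt: "desc" };
const hostileSort: Record<string, string> = { "createdAt, (SELECT 1) --": "ASC" };

// True when the hardened builder refuses the input.
function rejects(sort: Record<string, string>): boolean {
  try {
    safeSortStatement(sort, LOG_COLUMNS);
    return false;
  } catch (e) {
    return true;
  }
}

console.log(naiveSortStatement(hostileSort)); // key text lands in the SQL fragment verbatim
console.log(safeSortStatement(benignSort, LOG_COLUMNS));
console.log(rejects(hostileSort));
```

Logging rejected keys at the validation point also gives defenders a signal for requests that probe these endpoints.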

Affected Version(s)

oneuptime < 10.0.34

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
