Node.js Isolation Flaw in OneUptime Monitoring Platform
CVE-2026-45102

9.9CRITICAL

Key Information:

Vendor: Oneuptime
Status: Oneuptime
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-45102?

The OneUptime Monitoring Platform, an open-source solution, experienced a vulnerability linked to the Node.js 'vm' module used for code isolation. This implementation is flawed as it allows for escape through error object manipulation and potential infinite recursion attacks. The issue has been addressed in version 10.0.98, reinforcing the importance of continuous monitoring and updating of open-source components to mitigate security risks.

Affected Version(s)

oneuptime < 10.0.98

References

https://github.com/OneUptime/oneuptime/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 8, 2026

CVE-2026-45102 Data

JSON

Oneuptime

What is CVE-2026-45102?

Affected Version(s)

References

CVSS V3.1

Timeline