CVE-2026-45102

CRITICAL NVD

CVSS Score 9.9

Severity CRITICAL

Published May 27, 2026

Vendor unknown

Description

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recursion. This vulnerability is fixed in 10.0.98.

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-g9cp-35m2-fjv6