Platform: nodejs
Component: @oneuptime/common
Fixed in: 10.0.19, 10.0.18
CVE-2026-30887 is a critical Remote Code Execution (RCE) vulnerability in OneUptime's Synthetic Monitors feature. The flaw lets an attacker break out of the intended sandbox and run arbitrary system commands inside the oneuptime-probe container, which amounts to full compromise of that container. Versions prior to 10.0.18 are affected; a patch has been released.
The impact of CVE-2026-30887 is severe. An attacker who is allowed to define a Synthetic Monitor can use a prototype-chain escape from the Node.js vm module to reach the host realm's process object and from there execute arbitrary system commands. The Node.js documentation itself states that the vm module is not a security mechanism and must not be used to run untrusted code, so the root cause is the choice of sandbox rather than a quirk of one payload. Because the oneuptime-probe container typically holds database and cluster credentials in its environment variables, a successful exploit can lead to data exfiltration, modification or deletion, and to lateral movement within the network. The flaw follows the same pattern as other Node.js sandbox-escape bugs, underlining the inherent risk of executing untrusted code in such environments.
CVE-2026-30887 was publicly disclosed on 2026-03-07. Given how little is needed to trigger a vm-module escape, a public proof-of-concept may well follow. The EPSS score listed for this CVE is currently low (0.06%, 17th percentile), so exploitation probability should be judged from the advisory details and your own exposure rather than from that score alone. Monitor security advisories and threat intelligence feeds for any indication of active exploitation.
Organizations using OneUptime for website monitoring are at significant risk, particularly where project members hold permission to create or modify Synthetic Monitors. Multi-tenant deployments in which several projects or customers share one OneUptime instance are especially exposed, because a single malicious monitor compromises the shared probe and, through its credentials, every tenant it serves.
Detection heuristics (coarse checks only; none of them confirms or rules out exploitation, and the authoritative test is the running OneUptime version):
• linux / server:
  journalctl -u oneuptime-probe | grep -i "prototype chain"
• nodejs:
  ps aux | grep -i "oneuptime-probe" | grep -i "vm.Module"
• generic web:
  curl -I http://<oneuptime_url>/synthetic/monitors/ | grep -i "Content-Security-Policy"
Disclosure: 2026-03-07
Patch:
Exploit status:
EPSS: 0.06% (17th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2026-30887 is to upgrade OneUptime to version 10.0.18 or later immediately. If an immediate upgrade is not feasible, temporarily disable the Synthetic Monitors feature. There is no direct workaround: filtering or sanitizing the JavaScript that users submit for a monitor cannot reliably prevent a vm-module escape, so do not rely on input validation here. What does reduce exposure in the meantime is restricting the permission to create or edit Synthetic Monitors to trusted members, running the probe container with the fewest credentials and least network reach it actually needs, and isolating it from the rest of the deployment. Monitor system logs for unusual child processes or command executions originating from the probe's Node.js process.
Upgrade OneUptime to version 10.0.18 or later. That version fixes the arbitrary code execution flaw caused by running untrusted code inside the Node.js vm module, and prevents project members from executing arbitrary system commands in the oneuptime-probe container.
CVE-2026-30887 is a critical Remote Code Execution vulnerability in OneUptime's Synthetic Monitors feature, allowing attackers to execute arbitrary code on the probe container.
If you are running OneUptime versions prior to 10.0.18, you are vulnerable to this RCE exploit. Upgrade immediately.
Upgrade OneUptime to version 10.0.18 or later to patch the vulnerability. Consider isolating the probe container as a temporary workaround.
No active exploitation has been confirmed and the listed EPSS score is low, but the vulnerability's severity and the simplicity of vm-module escapes make exploitation plausible once details or a proof-of-concept circulate.
Refer to the OneUptime security advisory on their official website or GitHub repository for detailed information and mitigation guidance.