Platform: nodejs
Component: @oneuptime/common
Fixed in: 10.0.19, 10.0.18
CVE-2026-30887 is a critical Remote Code Execution (RCE) vulnerability discovered in OneUptime's Synthetic Monitors feature. This flaw allows attackers to bypass the intended sandbox and execute arbitrary system commands on the oneuptime-probe container, leading to complete system compromise. The vulnerability impacts versions prior to 10.0.18, and a patch has been released to address the issue.
The impact of CVE-2026-30887 is severe. An attacker can leverage this vulnerability to execute arbitrary code within the OneUptime probe container. Given that the probe container typically holds database credentials and cluster access information in its environment variables, a successful exploit could lead to complete data exfiltration, modification, or deletion. Furthermore, the attacker could use the compromised probe as a pivot point to move laterally within the network, potentially compromising other systems. This vulnerability shares similarities with other sandbox escape vulnerabilities where prototype chain manipulation allows bypassing security restrictions and gaining broader system access.
CVE-2026-30887 was publicly disclosed on 2026-03-07. A public proof-of-concept is likely to emerge given the ease of exploitation and the critical nature of the vulnerability. The EPSS score is expected to be high, indicating a significant probability of exploitation. Monitor security advisories and threat intelligence feeds for any signs of active exploitation campaigns targeting OneUptime installations.
EPSS: 0.06% (17th percentile)
The primary mitigation for CVE-2026-30887 is to immediately upgrade OneUptime to version 10.0.18 or later. If upgrading is not immediately feasible, consider isolating the oneuptime-probe container to limit the potential blast radius of a successful exploit. Review and restrict the permissions granted to project members who have access to create and modify Synthetic Monitors. Implement strict input validation and sanitization on any user-supplied code executed within the monitors. While a WAF is unlikely to directly mitigate this vulnerability, it can help detect and block suspicious activity related to the exploit.
Update OneUptime to version 10.0.18 or higher. This version fixes the arbitrary code execution by no longer running untrusted monitor code inside the Node.js vm module, which is not a security boundary. The update prevents project members from executing arbitrary system commands on the oneuptime-probe container.
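The check below is an added example, not code from OneUptime or from this advisory: it walks a project's package-lock.json and reports every installed copy of @oneuptime/common that is older than the fixed version 10.0.18 stated above. The sample lockfile, its nested "legacy-plugin" path and the prerelease ordering are constructed assumptions.

```javascript
// Added example: flag lockfile entries of @oneuptime/common affected by
// CVE-2026-30887 (versions below 10.0.18 per the advisory). Not OneUptime code.
const FIXED_VERSION = "10.0.18";
const COMPONENT = "@oneuptime/common";

// Compare "x.y.z[-prerelease]" strings: negative if a < b, 0 if equal, positive if a > b.
// A prerelease sorts before its release (10.0.18-rc.1 < 10.0.18), following semver
// precedence, so a release candidate of the fix is still reported as affected.
function compareSemver(a, b) {
  const parse = (v) => {
    const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v.trim());
    if (!m) throw new Error(`not a semver version: ${v}`);
    return { nums: [m[1], m[2], m[3]].map(Number), pre: m[4] || null };
  };
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x.nums[i] !== y.nums[i]) return x.nums[i] - y.nums[i];
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;   // release outranks any prerelease
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : 1;  // simplified lexical prerelease ordering
}

function isAffected(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Collect every installed copy of the component. Lockfile v2/v3 key installs by path
// under "packages" (nested copies sit deeper); v1 nests them under "dependencies".
// Returns [{ path, version, affected }] so a CI step can fail on any affected hit.
function findComponent(lock) {
  const hits = [];
  const record = (p, entry) => hits.push({ path: p, version: entry.version, affected: isAffected(entry.version) });
  for (const [p, entry] of Object.entries(lock.packages || {})) {
    if (p.endsWith(`node_modules/${COMPONENT}`) && entry.version) record(p, entry);
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const p = `${prefix}node_modules/${name}`;
      if (name === COMPONENT && entry.version) record(p, entry);
      walk(entry.dependencies, `${p}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample (v3 shape): the top-level copy is patched, a nested copy is not.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "probe-app", version: "1.0.0" },
  "node_modules/@oneuptime/common": { version: "10.0.19" },
  "node_modules/legacy-plugin/node_modules/@oneuptime/common": { version: "10.0.17" } } };

console.log(findComponent(SAMPLE_LOCK));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; nested copies pulled in by plugins are the ones a top-level `npm ls` glance tends to miss.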
CVE-2026-30887 is a critical Remote Code Execution vulnerability in OneUptime's Synthetic Monitors feature, allowing attackers to execute arbitrary code on the probe container.
If you are running OneUptime versions prior to 10.0.18, you are vulnerable to this RCE exploit. Upgrade immediately.
Upgrade OneUptime to version 10.0.18 or later to patch the vulnerability. Consider isolating the probe container as a temporary workaround.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation in the near future.
Refer to the OneUptime security advisory on their official website or GitHub repository for detailed information and mitigation guidance.