Platform: nodejs
Component: oneuptime
Fixed in: 10.0.43
CVE-2026-34840 describes an authentication bypass vulnerability in OneUptime, an open-source monitoring and observability platform. This flaw allows attackers to bypass SAML SSO signature verification, potentially gaining unauthorized access to the system. The vulnerability affects versions of OneUptime prior to 10.0.42 and has been resolved in version 10.0.42.
The impact of this vulnerability is significant. An attacker who can bypass SAML SSO authentication gains access to OneUptime's monitoring and observability features under an identity they do not hold, with the privileges of that identity. This could lead to exposure of data about monitored systems, modification of monitors and alerting configuration, disruption of monitoring, or use of the compromised OneUptime instance as a pivot point to reach other systems on the network. The flaw belongs to a well-known class of SAML authentication bypasses in which the application verifies a signature over one part of the response but reads the user's identity from a part that the signature does not cover, which is why robust signature verification must be tied to the exact element the identity is taken from.
CVE-2026-34840 was publicly disclosed on 2026-04-02. The vulnerability's severity is rated HIGH with a CVSS score of 8.1. No public proof-of-concept (PoC) code has been released at the time of writing, but the underlying mistake (signature verification decoupled from identity extraction) is well understood and straightforward to exploit once the affected code path is identified, which raises the likelihood of exploitation. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-34840 is to upgrade OneUptime to version 10.0.42 or later. If an immediate upgrade is not possible, reduce exposure in the interim: restrict network access to the OneUptime login and SAML endpoints to trusted ranges, and review and audit the SAML configuration (the identity provider's signing certificate, the expected audience and the list of enabled SSO connections). Note that multi-factor authentication enforced at the identity provider does not protect against this flaw, because the bypass happens on the OneUptime side, after the identity provider has been taken out of the loop; an identity that the identity provider never signed can still be accepted. After upgrading, confirm the fix by performing a SAML SSO login with a test user, then checking that a SAML response whose identity does not come from the correctly signed assertion (for example, one in which the signed assertion has been altered or an unsigned assertion has been added) is rejected rather than logged in.
Update OneUptime to version 10.0.42 or higher. This version fixes the identity injection vulnerability by correctly verifying SAML signatures and extracting the identity from the signed assertion.
CVE-2026-34840 is a HIGH severity vulnerability in OneUptime versions prior to 10.0.42 that allows attackers to bypass SAML SSO signature verification, potentially gaining unauthorized access.
You are affected if you are running OneUptime with SAML SSO enabled on a version prior to 10.0.42. Upgrade to 10.0.42 or later to mitigate the risk.
Upgrade OneUptime to version 10.0.42 or later. Consider implementing stricter SAML configuration policies as an interim measure.
While no public exploits are currently known, the vulnerability's nature and ease of exploitation suggest it could be targeted in the future.
Refer to the OneUptime security advisories page for the latest information and official announcements regarding CVE-2026-34840.