Description

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

INFO

Published Date :

2026-02-25T16:25:09.698Z

Last Modified :

2026-02-25T20:19:55.906Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-27728 vulnerability.

Vendors Products
Hackerbay
  • Oneuptime
Oneuptime
  • Oneuptime
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27728.

URL Resource
https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1 cve-icon cve-icon
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact