Description

UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to pages/incidents.tsx importing and using workerConfig directly inside client-side component code, the entire workerConfig object was included in the client-side JavaScript bundle served to all visitors. This issue has been patched via commit 377a596.

INFO

Published Date :

2026-03-07T15:19:38.593Z

Last Modified :

2026-03-09T18:27:06.064Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-29779 vulnerability.

Vendors Products
Lyc8503
  • Uptimeflare
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-29779.

URL Resource
https://github.com/lyc8503/UptimeFlare/commit/377a5963c66ba9a798abebfe8d80378b053435e9 cve-icon cve-icon
https://github.com/lyc8503/UptimeFlare/issues/198 cve-icon cve-icon
https://github.com/lyc8503/UptimeFlare/security/advisories/GHSA-36q9-v7p3-vj6v cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact