CVE-2026-27728 - Vulnerability Details

- OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Description

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

Published: 2026-02-25

Score: 10 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

OneUptime exposes an OS command injection flaw within the NetworkPathMonitor.performTraceroute() method, allowing any authenticated project user to craft a destination value containing shell metacharacters that are unsafely forwarded to a traceroute system call. This flaw permits arbitrary execution of operating system commands on the Probe server, compromising confidentiality, integrity, and availability by giving attackers full control over that server. The weakness is a classic operating system command injection (CWE‑78).

Affected Systems

The vulnerability affects the OneUptime platform in all releases prior to version 10.0.7, any project that uses a Probe server, and any authenticated user with project‑level privileges who can configure a NetworkPathMonitor. No other vendors, products, or versions are mentioned as impacted.

Risk and Exploitability

The CVSS metric is 10.0, indicating maximum severity; the EPSS score is below 1%, suggesting low exploitation probability, yet the flaw is not listed in the KEV catalog. Attackers require a valid user account on the project and can trigger the flaw by submitting a specially crafted traceroute destination. With successful exploitation, attackers gain unrestricted command execution on the Probe server, enabling data exfiltration, tampering, or service disruption.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

OneUptime

oneuptime

affected

Version	Status	Constraints
`< 10.0.7`	affected	—

Configuration 1 [-]

cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Oneuptime

100%

Version	Status	Scheme	Platform
`[0,10.0.7)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to OneUptime 10.0.7 or a later patched release
Restrict project users’ rights so that only trusted personnel can configure NetworkPathMonitor and execute traceroute operations
Temporarily disable the NetworkPathMonitor’s traceroute capability until a patch is applied
Continuously monitor Probe server logs for anomalous command executions and enforce alerting

Generated by OpenCVE AI on April 17, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-jmhp-5558-qxh5	OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00343.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5

History

Mon, 02 Mar 2026 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Hackerbay Hackerbay oneuptime
CPEs		cpe:2.3:a:hackerbay:oneuptime::::::::
Vendors & Products		Hackerbay Hackerbay oneuptime

Thu, 26 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Oneuptime Oneuptime oneuptime
Vendors & Products		Oneuptime Oneuptime oneuptime

Wed, 25 Feb 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.
Title		OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()
Weaknesses		CWE-78
References		https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1 https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Hackerbay Oneuptime

Oneuptime Oneuptime

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-02-25T16:25:09.698Z

Updated: 2026-02-25T20:19:55.906Z

Reserved: 2026-02-23T18:37:14.789Z

Link: CVE-2026-27728

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-25T17:25:40.103

Modified: 2026-03-02T18:56:30.610

Link: CVE-2026-27728

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T15:15:21Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object