{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27728", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-23T18:37:14.789Z", "datePublished": "2026-02-25T16:25:09.698Z", "dateUpdated": "2026-02-25T20:19:55.906Z"}, "containers": {"cna": {"title": "OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()", "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "lang": "en", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5"}, {"name": "https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1", "tags": ["x_refsource_MISC"], "url": "https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1"}], "affected": [{"vendor": "OneUptime", "product": "oneuptime", "versions": [{"version": "< 10.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-25T16:25:09.698Z"}, "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability."}], "source": {"advisory": "GHSA-jmhp-5558-qxh5", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T20:19:45.771535Z", "id": "CVE-2026-27728", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T20:19:55.906Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FD1CDBC-9031-428E-ABC5-1FED83248B5D", "versionEndExcluding": "10.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability."}], "id": "CVE-2026-27728", "lastModified": "2026-03-02T18:56:30.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-25T17:25:40.103", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/OneUptime/oneuptime/commit/f2cce35a04fac756cecc7a4c55e23758b99288c1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jmhp-5558-qxh5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.0.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "oneuptime", "source": "cna", "vendor": "OneUptime"}, "product": "oneuptime", "vendor": "oneuptime"}], "analysis": {"en": {"generated_at": "2026-04-17T15:07:00.168591+00:00", "value": {"mitigation_remediation": ["Upgrade to OneUptime\u00a010.0.7 or a later patched release", "Restrict project users\u2019 rights so that only trusted personnel can configure NetworkPathMonitor and execute traceroute operations", "Temporarily disable the NetworkPathMonitor\u2019s traceroute capability until a patch is applied", "Continuously monitor Probe server logs for anomalous command executions and enforce alerting"], "summary": {"action": "Patch Now", "impact": "Remote Command Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the OneUptime platform in all releases prior to version\u00a010.0.7, any project that uses a Probe server, and any authenticated user with project\u2011level privileges who can configure a NetworkPathMonitor. No other vendors, products, or versions are mentioned as impacted.", "description_and_impact": "OneUptime exposes an OS command injection flaw within the NetworkPathMonitor.performTraceroute() method, allowing any authenticated project user to craft a destination value containing shell metacharacters that are unsafely forwarded to a traceroute system call. This flaw permits arbitrary execution of operating system commands on the Probe server, compromising confidentiality, integrity, and availability by giving attackers full control over that server. The weakness is a classic operating system command injection (CWE\u201178).", "risk_and_exploitability": "The CVSS metric is 10.0, indicating maximum severity; the EPSS score is below 1%, suggesting low exploitation probability, yet the flaw is not listed in the KEV catalog. Attackers require a valid user account on the project and can trigger the flaw by submitting a specially crafted traceroute destination. With successful exploitation, attackers gain unrestricted command execution on the Probe server, enabling data exfiltration, tampering, or service disruption."}}}}, "created": "2026-02-26T13:15:24.477733+00:00", "updated": "2026-04-17T15:15:21.835767+00:00", "vendors": ["oneuptime", "oneuptime$PRODUCT$oneuptime"]}