{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30958", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-07T17:34:39.981Z", "datePublished": "2026-03-10T17:01:43.524Z", "dateUpdated": "2026-03-10T17:31:08.598Z"}, "containers": {"cna": {"title": "OneUptime: Path Traversal \u2014 Arbitrary File Read (No Auth)", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p2wh-9pw8-hvff", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p2wh-9pw8-hvff"}, {"name": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21", "tags": ["x_refsource_MISC"], "url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"}], "affected": [{"vendor": "OneUptime", "product": "oneuptime", "versions": [{"version": "< 10.0.21", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T17:01:43.524Z"}, "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21."}], "source": {"advisory": "GHSA-p2wh-9pw8-hvff", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T17:30:48.691596Z", "id": "CVE-2026-30958", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:31:08.598Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30958", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T17:30:48.691596Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T17:30:53.138Z"}}], "cna": {"title": "OneUptime: Path Traversal \u2014 Arbitrary File Read (No Auth)", "source": {"advisory": "GHSA-p2wh-9pw8-hvff", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "OneUptime", "product": "oneuptime", "versions": [{"status": "affected", "version": "< 10.0.21"}]}], "references": [{"url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p2wh-9pw8-hvff", "name": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p2wh-9pw8-hvff", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21", "name": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-10T17:01:43.524Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30958", "state": "PUBLISHED", "dateUpdated": "2026-03-10T17:31:08.598Z", "dateReserved": "2026-03-07T17:34:39.981Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-10T17:01:43.524Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hackerbay:oneuptime:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED54DE0A-2CD8-4372-BECA-6F3AF29F2C2B", "versionEndExcluding": "10.0.21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21."}, {"lang": "es", "value": "OneUptime es una soluci\u00f3n para monitorear y gestionar servicios en l\u00ednea. Antes de 10.0.21, un salto de ruta no autenticado en el endpoint /workflow/docs/:componentName permite la lectura de archivos arbitrarios del sistema de archivos del servidor. El par\u00e1metro de ruta componentName se concatena directamente en una ruta de archivo pasada a res.sendFile() en orker/FeatureSet/Workflow/Index.ts sin saneamiento ni middleware de autenticaci\u00f3n. Esta vulnerabilidad se corrige en 10.0.21."}], "id": "CVE-2026-30958", "lastModified": "2026-03-12T14:09:46.807", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-10T18:18:54.883", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-p2wh-9pw8-hvff"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,10.0.21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "oneuptime", "source": "cna", "vendor": "OneUptime"}, "product": "oneuptime", "vendor": "oneuptime"}], "analysis": {"en": {"generated_at": "2026-04-16T09:43:09.117884+00:00", "value": {"mitigation_remediation": ["Upgrade OneUptime to version\u00a010.0.21 or later, which sanitizes the componentName input and removes the vulnerable endpoint logic.", "Configure the reverse\u2011proxy or firewall to deny unauthenticated access to the /workflow/docs/ endpoint, ensuring that only authorized users can reach it.", "Continuously monitor web server logs for path traversal patterns, such as repeated attempts to access hidden or system files, and investigate promptly."], "summary": {"action": "Apply Patch", "impact": "Remote File Read (Unauthenticated)"}, "threat_synthesis": {"affected_systems": "Affected are installations of OneUptime version prior to 10.0.21, with a componentName route that feeds directly into res.sendFile(). The vulnerability applies to all vendors or products named OneUptime:oneuptime, encompassing any deployment of the open\u2011source monitoring platform.", "description_and_impact": "This vulnerability is a path traversal flaw in the /workflow/docs/:componentName endpoint of OneUptime. An attacker can supply a specially crafted componentName value that, after concatenation into a file system path, bypasses the intended directory boundaries. The flaw allows reading any file accessible by the running process, including configuration files, secrets, and potentially sensitive data. Because no authentication checks are performed, any network user can exploit the flaw without credentials, leading to a high risk of data exposure.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a high severity, and although the EPSS score is below 1\u202f%, the absence of a KEV listing does not diminish the potential impact. The lack of authentication makes the attack vector trivial for an external actor with network access to the endpoint. The exploit requires only a HTTP request, no special privileges, and can be performed by modifying the path segments or using relative directory references. Once triggered, the attacker obtains arbitrary filesystem content."}}}}, "created": "2026-03-11T11:49:01.684686+00:00", "updated": "2026-04-16T09:45:31.679528+00:00", "vendors": ["oneuptime", "oneuptime$PRODUCT$oneuptime"]}