CVE-2026-27728

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-27728

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27728.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-27728

Aliases

GHSA-jmhp-5558-qxh5

Published

2026-02-25T16:25:09.698Z

Modified

2026-04-10T05:37:20.264547Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in traceroute exec()

Details

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute() allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-78"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27728.json"
}

References

Affected packages

Git / github.com/oneuptime/oneuptime

Affected ranges

Type: GIT
Repo: https://github.com/oneuptime/oneuptime
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8ba6d5d058b3101bd4353df85fa6f762722d3134

Affected versions

Other

${CI_PIPELINE_ID}

build-number-6149

build-number-6151

build-number-6206

build-number-6214

build-number-6343

build-number-6345

10.*

10.0.5

6.*

6.0.$CI_PIPELINE_ID

6.0.1

6.0.12

6.0.14

6.0.15

6.0.17

6.0.18

6.0.19

6.0.2

6.0.20

6.0.21

6.0.22

6.0.23

6.0.24

6.0.25

6.0.26

6.0.27

7.*

7.0.1000

7.0.1004

7.0.1039

7.0.104

7.0.1055

7.0.106

7.0.1078

7.0.109

7.0.1093

7.0.11

7.0.112

7.0.114

7.0.1143

7.0.1144

7.0.1167

7.0.1174

7.0.1183

7.0.1184

7.0.1191

7.0.1192

7.0.1195

7.0.122

7.0.1225

7.0.1229

7.0.123

7.0.1230

7.0.1243

7.0.1246

7.0.126

7.0.1265

7.0.1290

7.0.1297

7.0.130

7.0.131

7.0.1326

7.0.1327

7.0.134

7.0.1341

7.0.1353

7.0.137

7.0.1375

7.0.1377

7.0.1378

7.0.1379

7.0.1383

7.0.139

7.0.141

7.0.1430

7.0.1436

7.0.144

7.0.1441

7.0.1461

7.0.1469

7.0.149

7.0.1491

7.0.1494

7.0.1500

7.0.1502

7.0.1505

7.0.1506

7.0.1510

7.0.1513

7.0.1514

7.0.1517

7.0.1528

7.0.1529

7.0.1544

7.0.1555

7.0.1557

7.0.1568

7.0.1581

7.0.1585

7.0.1586

7.0.160

7.0.162

7.0.1633

7.0.1637

7.0.1638

7.0.1642

7.0.1643

7.0.165

7.0.167

7.0.1688

7.0.169

7.0.1694

7.0.1697

7.0.1708

7.0.1709

7.0.1717

7.0.173

7.0.1740

7.0.1741

7.0.1744

7.0.1745

7.0.1751

7.0.1752

7.0.1758

7.0.1767

7.0.1769

7.0.1780

7.0.1787

7.0.179

7.0.1790

7.0.1791

7.0.1792

7.0.1794

7.0.1797

7.0.18

7.0.1800

7.0.1803

7.0.1814

7.0.1815

7.0.182

7.0.1829

7.0.183

7.0.1830

7.0.1843

7.0.1852

7.0.1854

7.0.1856

7.0.1858

7.0.1860

7.0.1862

7.0.1866

7.0.1867

7.0.1870

7.0.1871

7.0.1874

7.0.1880

7.0.1881

7.0.1886

7.0.1888

7.0.1891

7.0.1894

7.0.1901

7.0.1902

7.0.1910

7.0.1929

7.0.193

7.0.1930

7.0.1931

7.0.1934

7.0.1935

7.0.1940

7.0.1945

7.0.1965

7.0.1966

7.0.197

7.0.1978

7.0.1982

7.0.1987

7.0.200

7.0.2009

7.0.201

7.0.2012

7.0.2014

7.0.2016

7.0.2018

7.0.2032

7.0.2033

7.0.204

7.0.2051

7.0.2055

7.0.2057

7.0.2062

7.0.2063

7.0.2066

7.0.2084

7.0.2086

7.0.2088

7.0.21

7.0.2118

7.0.213

7.0.2171

7.0.2186

7.0.219

7.0.2190

7.0.2191

7.0.2195

7.0.2196

7.0.2200

7.0.2207

7.0.2223

7.0.2224

7.0.2231

7.0.2233

7.0.2237

7.0.2239

7.0.224

7.0.2240

7.0.2243

7.0.2246

7.0.2270

7.0.228

7.0.231

7.0.2319

7.0.2320

7.0.2327

7.0.2335

7.0.2341

7.0.2346

7.0.2349

7.0.2354

7.0.2358

7.0.2361

7.0.2363

7.0.2371

7.0.2372

7.0.2377

7.0.239

7.0.2401

7.0.2402

7.0.2410

7.0.2446

7.0.2448

7.0.2449

7.0.2471

7.0.2473

7.0.2475

7.0.2476

7.0.2478

7.0.2479

7.0.2482

7.0.2487

7.0.2509

7.0.2525

7.0.2550

7.0.2571

7.0.2572

7.0.2574

7.0.2589

7.0.2620

7.0.2625

7.0.2628

7.0.2639

7.0.2643

7.0.2666

7.0.2721

7.0.2725

7.0.2730

7.0.2774

7.0.2825

7.0.2828

7.0.2832

7.0.2837

7.0.2846

7.0.2873

7.0.2875

7.0.2885

7.0.290

7.0.2901

7.0.2908

7.0.291

7.0.2913

7.0.2920

7.0.2923

7.0.2928

7.0.2936

7.0.294

7.0.296

7.0.297

7.0.2972

7.0.2976

7.0.298

7.0.2994

7.0.3010

7.0.3018

7.0.3035

7.0.3038

7.0.3040

7.0.3052

7.0.3064

7.0.3076

7.0.3080

7.0.3086

7.0.3095

7.0.3113

7.0.3124

7.0.3126

7.0.3129

7.0.3140

7.0.3148

7.0.3153

7.0.3158

7.0.3163

7.0.3176

7.0.318

7.0.3188

7.0.3198

7.0.3206

7.0.321

7.0.3211

7.0.3212

7.0.3225

7.0.3227

7.0.3237

7.0.3240

7.0.3242

7.0.3245

7.0.3250

7.0.3260

7.0.3278

7.0.3279

7.0.3291

7.0.3300

7.0.3309

7.0.3330

7.0.3336

7.0.3338

7.0.3343

7.0.335

7.0.3350

7.0.3351

7.0.3357

7.0.336

7.0.3365

7.0.3377

7.0.3387

7.0.339

7.0.3393

7.0.3403

7.0.3405

7.0.341

7.0.3413

7.0.3426

7.0.3437

7.0.344

7.0.3442

7.0.3445

7.0.3448

7.0.3453

7.0.3456

7.0.346

7.0.3464

7.0.3471

7.0.348

7.0.3480

7.0.35

7.0.350

7.0.3515

7.0.3517

7.0.352

7.0.3526

7.0.3538

7.0.354

7.0.3546

7.0.3548

7.0.3549

7.0.355

7.0.3557

7.0.3565

7.0.3579

7.0.358

7.0.3599

7.0.360

7.0.361

7.0.3611

7.0.3617

7.0.362

7.0.363

7.0.365

7.0.3652

7.0.366

7.0.367

7.0.3679

7.0.368

7.0.3682

7.0.3688

7.0.369

7.0.3691

7.0.3697

7.0.3699

7.0.3705

7.0.3708

7.0.3786

7.0.38

7.0.3822

7.0.3826

7.0.3831

7.0.3840

7.0.3882

7.0.3887

7.0.39

7.0.3903

7.0.3911

7.0.3914

7.0.3918

7.0.3922

7.0.3928

7.0.3930

7.0.3935

7.0.3939

7.0.3949

7.0.395

7.0.3952

7.0.3956

7.0.3958

7.0.3962

7.0.3965

7.0.3966

7.0.3970

7.0.3974

7.0.3975

7.0.3976

7.0.398

7.0.3980

7.0.3987

7.0.399

7.0.3993

7.0.4019

7.0.403

7.0.4034

7.0.404

7.0.4041

7.0.4066

7.0.407

7.0.4078

7.0.4084

7.0.409

7.0.4090

7.0.4093

7.0.4098

7.0.4099

7.0.410

7.0.4100

7.0.4102

7.0.4114

7.0.4115

7.0.4116

7.0.4123

7.0.4129

7.0.413

7.0.4135

7.0.414

7.0.4142

7.0.4144

7.0.4148

7.0.4150

7.0.4156

7.0.4158

7.0.416

7.0.4161

7.0.4166

7.0.4176

7.0.4188

7.0.419

7.0.4193

7.0.4194

7.0.422

7.0.4222

7.0.4223

7.0.4226

7.0.4227

7.0.423

7.0.4230

7.0.4232

7.0.4235

7.0.4239

7.0.4245

7.0.4248

7.0.4250

7.0.4255

7.0.4257

7.0.426

7.0.4260

7.0.427

7.0.431

7.0.4310

7.0.4312

7.0.4313

7.0.432

7.0.4341

7.0.4344

7.0.4345

7.0.4346

7.0.4349

7.0.437

7.0.438

7.0.4395

7.0.4415

7.0.4453

7.0.4518

7.0.4541

7.0.4543

7.0.4547

7.0.4578

7.0.4585

7.0.4588

7.0.4596

7.0.4597

7.0.4604

7.0.4652

7.0.4660

7.0.4663

7.0.4665

7.0.4671

7.0.4676

7.0.4699

7.0.47

7.0.4717

7.0.4720

7.0.4741

7.0.4748

7.0.4751

7.0.4758

7.0.4762

7.0.4763

7.0.4766

7.0.4771

7.0.4773

7.0.4808

7.0.4810

7.0.4813

7.0.4815

7.0.4816

7.0.4825

7.0.4829

7.0.4832

7.0.4836

7.0.4844

7.0.4845

7.0.4848

7.0.4849

7.0.4868

7.0.4877

7.0.4917

7.0.4922

7.0.4972

7.0.4976

7.0.4978

7.0.4981

7.0.5029

7.0.5045

7.0.5058

7.0.5065

7.0.5068

7.0.5069

7.0.5077

7.0.5079

7.0.5080

7.0.5096

7.0.5098

7.0.5108

7.0.528

7.0.529

7.0.53

7.0.530

7.0.533

7.0.534

7.0.537

7.0.538

7.0.54

7.0.542

7.0.543

7.0.546

7.0.548

7.0.549

7.0.55

7.0.551

7.0.556

7.0.557

7.0.559

7.0.56

7.0.563

7.0.566

7.0.567

7.0.568

7.0.57

7.0.572

7.0.580

7.0.581

7.0.586

7.0.587

7.0.590

7.0.591

7.0.592

7.0.595

7.0.596

7.0.599

7.0.601

7.0.602

7.0.606

7.0.608

7.0.612

7.0.613

7.0.616

7.0.617

7.0.620

7.0.621

7.0.622

7.0.625

7.0.626

7.0.629

7.0.636

7.0.640

7.0.645

7.0.647

7.0.650

7.0.653

7.0.654

7.0.657

7.0.658

7.0.662

7.0.664

7.0.67

7.0.69

7.0.71

7.0.72

7.0.723

7.0.724

7.0.725

7.0.729

7.0.730

7.0.734

7.0.738

7.0.739

7.0.743

7.0.747

7.0.748

7.0.75

7.0.753

7.0.755

7.0.756

7.0.759

7.0.76

7.0.761

7.0.762

7.0.765

7.0.766

7.0.774

7.0.775

7.0.778

7.0.782

7.0.79

7.0.791

7.0.796

7.0.797

7.0.8

7.0.804

7.0.81

7.0.810

7.0.813

7.0.814

7.0.817

7.0.818

7.0.82

7.0.823

7.0.834

7.0.835

7.0.838

7.0.841

7.0.844

7.0.85

7.0.859

7.0.86

7.0.865

7.0.89

7.0.890

7.0.892

7.0.894

7.0.90

7.0.905

7.0.907

7.0.911

7.0.912

7.0.918

7.0.927

7.0.929

7.0.931

7.0.943

7.0.944

7.0.948

7.0.949

7.0.953

7.0.954

7.0.955

7.0.959

7.0.961

7.0.965

7.0.966

7.0.972

7.0.973

7.0.977

7.0.979

7.0.98

7.0.984

8.*

8.0.5124

8.0.5125

8.0.5129

8.0.5151

8.0.5159

8.0.5163

8.0.5167

8.0.5174

8.0.5181

8.0.5185

8.0.5199

8.0.5209

8.0.5219

8.0.5220

8.0.5237

8.0.5239

8.0.5312

8.0.5341

8.0.5353

8.0.5355

8.0.5358

8.0.5359

8.0.5362

8.0.5403

8.0.5409

8.0.5416

8.0.5438

8.0.5440

8.0.5466

8.0.5469

8.0.5489

8.0.5496

8.0.5516

8.0.5567

8.0.5570

8.0.5571

8.0.5572

8.0.5574

8.0.5579

8.0.5580

8.0.5584

9.*

9.0.5598

9.1.0

9.1.1

9.1.2

9.1.3

9.2.10

9.2.11

9.2.12

9.2.4

9.2.7

9.2.8

9.2.9

9.3.0

9.3.11

9.3.13

9.3.14

9.3.15

9.3.16

9.3.19

9.3.2

9.3.22

9.3.3

9.3.4

9.3.6

9.3.7

9.3.8

9.4.0

9.4.1

9.4.11

9.4.13

9.4.2

9.4.3

9.5.0

9.5.13

9.5.2

9.5.3

9.5.8

v4.*

v4.0.0

v4.0.1

v4.0.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27728.json"