CVE-2026-30958
- Source
- https://cve.org/CVERecord?id=CVE-2026-30958
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30958.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-30958
- Aliases
-
- GHSA-p2wh-9pw8-hvff
- Published
- 2026-03-10T17:01:43.524Z
- Modified
- 2026-04-10T05:42:05.602294Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- OneUptime: Path Traversal — Arbitrary File Read (No Auth)
- Details
-
OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server filesystem. The componentName route parameter is concatenated directly into a file path passed to res.sendFile() in orker/FeatureSet/Workflow/Index.ts with no sanitization or authentication middleware. This vulnerability is fixed in 10.0.21.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30958.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-22" ] }- References
Affected packages
Git / github.com/oneuptime/oneuptime
Affected ranges
- Type
- GIT
- Repo
- https://github.com/oneuptime/oneuptime
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
${CI_PIPELINE_ID}
build-number-6149
build-number-6151
build-number-6206
build-number-6214
build-number-6343
build-number-6345
build-number-6372
build-number-6390
build-number-6393
build-number-6402
build-number-6408
10.*
10.0.11
10.0.15
10.0.16
10.0.17
10.0.18
10.0.20
10.0.5
10.0.7
6.*
6.0.$CI_PIPELINE_ID
6.0.1
6.0.12
6.0.14
6.0.15
6.0.17
6.0.18
6.0.19
6.0.2
6.0.20
6.0.21
6.0.22
6.0.23
6.0.24
6.0.25
6.0.26
6.0.27
7.*
7.0.1000
7.0.1004
7.0.1039
7.0.104
7.0.1055
7.0.106
7.0.1078
7.0.109
7.0.1093
7.0.11
7.0.112
7.0.114
7.0.1143
7.0.1144
7.0.1167
7.0.1174
7.0.1183
7.0.1184
7.0.1191
7.0.1192
7.0.1195
7.0.122
7.0.1225
7.0.1229
7.0.123
7.0.1230
7.0.1243
7.0.1246
7.0.126
7.0.1265
7.0.1290
7.0.1297
7.0.130
7.0.131
7.0.1326
7.0.1327
7.0.134
7.0.1341
7.0.1353
7.0.137
7.0.1375
7.0.1377
7.0.1378
7.0.1379
7.0.1383
7.0.139
7.0.141
7.0.1430
7.0.1436
7.0.144
7.0.1441
7.0.1461
7.0.1469
7.0.149
7.0.1491
7.0.1494
7.0.1500
7.0.1502
7.0.1505
7.0.1506
7.0.1510
7.0.1513
7.0.1514
7.0.1517
7.0.1528
7.0.1529
7.0.1544
7.0.1555
7.0.1557
7.0.1568
7.0.1581
7.0.1585
7.0.1586
7.0.160
7.0.162
7.0.1633
7.0.1637
7.0.1638
7.0.1642
7.0.1643
7.0.165
7.0.167
7.0.1688
7.0.169
7.0.1694
7.0.1697
7.0.1708
7.0.1709
7.0.1717
7.0.173
7.0.1740
7.0.1741
7.0.1744
7.0.1745
7.0.1751
7.0.1752
7.0.1758
7.0.1767
7.0.1769
7.0.1780
7.0.1787
7.0.179
7.0.1790
7.0.1791
7.0.1792
7.0.1794
7.0.1797
7.0.18
7.0.1800
7.0.1803
7.0.1814
7.0.1815
7.0.182
7.0.1829
7.0.183
7.0.1830
7.0.1843
7.0.1852
7.0.1854
7.0.1856
7.0.1858
7.0.1860
7.0.1862
7.0.1866
7.0.1867
7.0.1870
7.0.1871
7.0.1874
7.0.1880
7.0.1881
7.0.1886
7.0.1888
7.0.1891
7.0.1894
7.0.1901
7.0.1902
7.0.1910
7.0.1929
7.0.193
7.0.1930
7.0.1931
7.0.1934
7.0.1935
7.0.1940
7.0.1945
7.0.1965
7.0.1966
7.0.197
7.0.1978
7.0.1982
7.0.1987
7.0.200
7.0.2009
7.0.201
7.0.2012
7.0.2014
7.0.2016
7.0.2018
7.0.2032
7.0.2033
7.0.204
7.0.2051
7.0.2055
7.0.2057
7.0.2062
7.0.2063
7.0.2066
7.0.2084
7.0.2086
7.0.2088
7.0.21
7.0.2118
7.0.213
7.0.2171
7.0.2186
7.0.219
7.0.2190
7.0.2191
7.0.2195
7.0.2196
7.0.2200
7.0.2207
7.0.2223
7.0.2224
7.0.2231
7.0.2233
7.0.2237
7.0.2239
7.0.224
7.0.2240
7.0.2243
7.0.2246
7.0.2270
7.0.228
7.0.231
7.0.2319
7.0.2320
7.0.2327
7.0.2335
7.0.2341
7.0.2346
7.0.2349
7.0.2354
7.0.2358
7.0.2361
7.0.2363
7.0.2371
7.0.2372
7.0.2377
7.0.239
7.0.2401
7.0.2402
7.0.2410
7.0.2446
7.0.2448
7.0.2449
7.0.2471
7.0.2473
7.0.2475
7.0.2476
7.0.2478
7.0.2479
7.0.2482
7.0.2487
7.0.2509
7.0.2525
7.0.2550
7.0.2571
7.0.2572
7.0.2574
7.0.2589
7.0.2620
7.0.2625
7.0.2628
7.0.2639
7.0.2643
7.0.2666
7.0.2721
7.0.2725
7.0.2730
7.0.2774
7.0.2825
7.0.2828
7.0.2832
7.0.2837
7.0.2846
7.0.2873
7.0.2875
7.0.2885
7.0.290
7.0.2901
7.0.2908
7.0.291
7.0.2913
7.0.2920
7.0.2923
7.0.2928
7.0.2936
7.0.294
7.0.296
7.0.297
7.0.2972
7.0.2976
7.0.298
7.0.2994
7.0.3010
7.0.3018
7.0.3035
7.0.3038
7.0.3040
7.0.3052
7.0.3064
7.0.3076
7.0.3080
7.0.3086
7.0.3095
7.0.3113
7.0.3124
7.0.3126
7.0.3129
7.0.3140
7.0.3148
7.0.3153
7.0.3158
7.0.3163
7.0.3176
7.0.318
7.0.3188
7.0.3198
7.0.3206
7.0.321
7.0.3211
7.0.3212
7.0.3225
7.0.3227
7.0.3237
7.0.3240
7.0.3242
7.0.3245
7.0.3250
7.0.3260
7.0.3278
7.0.3279
7.0.3291
7.0.3300
7.0.3309
7.0.3330
7.0.3336
7.0.3338
7.0.3343
7.0.335
7.0.3350
7.0.3351
7.0.3357
7.0.336
7.0.3365
7.0.3377
7.0.3387
7.0.339
7.0.3393
7.0.3403
7.0.3405
7.0.341
7.0.3413
7.0.3426
7.0.3437
7.0.344
7.0.3442
7.0.3445
7.0.3448
7.0.3453
7.0.3456
7.0.346
7.0.3464
7.0.3471
7.0.348
7.0.3480
7.0.35
7.0.350
7.0.3515
7.0.3517
7.0.352
7.0.3526
7.0.3538
7.0.354
7.0.3546
7.0.3548
7.0.3549
7.0.355
7.0.3557
7.0.3565
7.0.3579
7.0.358
7.0.3599
7.0.360
7.0.361
7.0.3611
7.0.3617
7.0.362
7.0.363
7.0.365
7.0.3652
7.0.366
7.0.367
7.0.3679
7.0.368
7.0.3682
7.0.3688
7.0.369
7.0.3691
7.0.3697
7.0.3699
7.0.3705
7.0.3708
7.0.3786
7.0.38
7.0.3822
7.0.3826
7.0.3831
7.0.3840
7.0.3882
7.0.3887
7.0.39
7.0.3903
7.0.3911
7.0.3914
7.0.3918
7.0.3922
7.0.3928
7.0.3930
7.0.3935
7.0.3939
7.0.3949
7.0.395
7.0.3952
7.0.3956
7.0.3958
7.0.3962
7.0.3965
7.0.3966
7.0.3970
7.0.3974
7.0.3975
7.0.3976
7.0.398
7.0.3980
7.0.3987
7.0.399
7.0.3993
7.0.4019
7.0.403
7.0.4034
7.0.404
7.0.4041
7.0.4066
7.0.407
7.0.4078
7.0.4084
7.0.409
7.0.4090
7.0.4093
7.0.4098
7.0.4099
7.0.410
7.0.4100
7.0.4102
7.0.4114
7.0.4115
7.0.4116
7.0.4123
7.0.4129
7.0.413
7.0.4135
7.0.414
7.0.4142
7.0.4144
7.0.4148
7.0.4150
7.0.4156
7.0.4158
7.0.416
7.0.4161
7.0.4166
7.0.4176
7.0.4188
7.0.419
7.0.4193
7.0.4194
7.0.422
7.0.4222
7.0.4223
7.0.4226
7.0.4227
7.0.423
7.0.4230
7.0.4232
7.0.4235
7.0.4239
7.0.4245
7.0.4248
7.0.4250
7.0.4255
7.0.4257
7.0.426
7.0.4260
7.0.427
7.0.431
7.0.4310
7.0.4312
7.0.4313
7.0.432
7.0.4341
7.0.4344
7.0.4345
7.0.4346
7.0.4349
7.0.437
7.0.438
7.0.4395
7.0.4415
7.0.4453
7.0.4518
7.0.4541
7.0.4543
7.0.4547
7.0.4578
7.0.4585
7.0.4588
7.0.4596
7.0.4597
7.0.4604
7.0.4652
7.0.4660
7.0.4663
7.0.4665
7.0.4671
7.0.4676
7.0.4699
7.0.47
7.0.4717
7.0.4720
7.0.4741
7.0.4748
7.0.4751
7.0.4758
7.0.4762
7.0.4763
7.0.4766
7.0.4771
7.0.4773
7.0.4808
7.0.4810
7.0.4813
7.0.4815
7.0.4816
7.0.4825
7.0.4829
7.0.4832
7.0.4836
7.0.4844
7.0.4845
7.0.4848
7.0.4849
7.0.4868
7.0.4877
7.0.4917
7.0.4922
7.0.4972
7.0.4976
7.0.4978
7.0.4981
7.0.5029
7.0.5045
7.0.5058
7.0.5065
7.0.5068
7.0.5069
7.0.5077
7.0.5079
7.0.5080
7.0.5096
7.0.5098
7.0.5108
7.0.528
7.0.529
7.0.53
7.0.530
7.0.533
7.0.534
7.0.537
7.0.538
7.0.54
7.0.542
7.0.543
7.0.546
7.0.548
7.0.549
7.0.55
7.0.551
7.0.556
7.0.557
7.0.559
7.0.56
7.0.563
7.0.566
7.0.567
7.0.568
7.0.57
7.0.572
7.0.580
7.0.581
7.0.586
7.0.587
7.0.590
7.0.591
7.0.592
7.0.595
7.0.596
7.0.599
7.0.601
7.0.602
7.0.606
7.0.608
7.0.612
7.0.613
7.0.616
7.0.617
7.0.620
7.0.621
7.0.622
7.0.625
7.0.626
7.0.629
7.0.636
7.0.640
7.0.645
7.0.647
7.0.650
7.0.653
7.0.654
7.0.657
7.0.658
7.0.662
7.0.664
7.0.67
7.0.69
7.0.71
7.0.72
7.0.723
7.0.724
7.0.725
7.0.729
7.0.730
7.0.734
7.0.738
7.0.739
7.0.743
7.0.747
7.0.748
7.0.75
7.0.753
7.0.755
7.0.756
7.0.759
7.0.76
7.0.761
7.0.762
7.0.765
7.0.766
7.0.774
7.0.775
7.0.778
7.0.782
7.0.79
7.0.791
7.0.796
7.0.797
7.0.8
7.0.804
7.0.81
7.0.810
7.0.813
7.0.814
7.0.817
7.0.818
7.0.82
7.0.823
7.0.834
7.0.835
7.0.838
7.0.841
7.0.844
7.0.85
7.0.859
7.0.86
7.0.865
7.0.89
7.0.890
7.0.892
7.0.894
7.0.90
7.0.905
7.0.907
7.0.911
7.0.912
7.0.918
7.0.927
7.0.929
7.0.931
7.0.943
7.0.944
7.0.948
7.0.949
7.0.953
7.0.954
7.0.955
7.0.959
7.0.961
7.0.965
7.0.966
7.0.972
7.0.973
7.0.977
7.0.979
7.0.98
7.0.984
8.*
8.0.5124
8.0.5125
8.0.5129
8.0.5151
8.0.5159
8.0.5163
8.0.5167
8.0.5174
8.0.5181
8.0.5185
8.0.5199
8.0.5209
8.0.5219
8.0.5220
8.0.5237
8.0.5239
8.0.5312
8.0.5341
8.0.5353
8.0.5355
8.0.5358
8.0.5359
8.0.5362
8.0.5403
8.0.5409
8.0.5416
8.0.5438
8.0.5440
8.0.5466
8.0.5469
8.0.5489
8.0.5496
8.0.5516
8.0.5567
8.0.5570
8.0.5571
8.0.5572
8.0.5574
8.0.5579
8.0.5580
8.0.5584
9.*
9.0.5598
9.1.0
9.1.1
9.1.2
9.1.3
9.2.10
9.2.11
9.2.12
9.2.4
9.2.7
9.2.8
9.2.9
9.3.0
9.3.11
9.3.13
9.3.14
9.3.15
9.3.16
9.3.19
9.3.2
9.3.22
9.3.3
9.3.4
9.3.6
9.3.7
9.3.8
9.4.0
9.4.1
9.4.11
9.4.13
9.4.2
9.4.3
9.5.0
9.5.13
9.5.2
9.5.3
9.5.8
v4.*
v4.0.0
v4.0.1
v4.0.2