CVE-2026-30921 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: March 11, 2026
OneUptime - Remote Code Execution
Overview
OneUptime < 10.0.20 contains a server-side remote code execution caused by execution of untrusted Playwright code with live host objects in the oneuptime-probe service, letting low-privileged project users execute arbitrary code on the host, exploit requires low-privileged project user access.
Severity & Score
Impact
Low-privileged users can execute arbitrary code on the probe host, potentially leading to full server compromise.
Mitigation
Update to version 10.0.20 or later.
Social Media Activity(2 posts)
š“ CVE-2026-30921 - Critical (9.9) OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current... š https://www.thehackerwire.com/vulnerability/CVE-2026-30921/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postš“ CVE-2026-30921 - Critical (9.9) OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current... š https://www.thehackerwire.com/vulnerability/CVE-2026-30921/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30921
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- remote_code_execution
- Status
- unconfirmed
- EPSS
- 1.4%
- Social Posts
- 2
CWE
- CWE-749
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H