CVE-2026-32598 - Vulnerability Analysis
MediumCVSS: 6.5Last Updated: March 17, 2026
OneUptime - Authentication Bypass
Published: March 13, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable
Overview
OneUptime < 10.0.24 contains an information disclosure vulnerability caused by logging plaintext password reset tokens at INFO level, letting attackers with log access perform account takeover, exploit requires access to application logs.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Attackers with access to logs can steal reset tokens and take over user accounts.
Mitigation
Upgrade to version 10.0.24 or later.
Related Resources
Details
- CVE ID
- CVE-2026-32598
- Severity
- Medium
- CVSS Score
- 6.5
- Type
- broken_authentication
- Status
- confirmed
CWE
- CWE-532
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N