Information disclosure in Oneuptime

CVE-2026-32598

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.24, the password reset flow logs the complete password reset URL — containing the plaintext reset token — at INFO log level, which is enabled by default in…

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

Affected products

Oneuptime — versions < 10.0.24

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-4524-cj9j-g4fj (x_refsource_CONFIRM)