Vulnerability in Oneuptime

CVE-2026-33143

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the WhatsApp POST webhook handler (/notification/whatsapp/webhook) processes incoming status update events without verifying the Meta/WhatsApp X…

EPSS: 0.000 (3.2th percentile) — read the EPSS interpretation.

Affected products

Oneuptime — versions < 10.0.34

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-g5ph-f57v-mwjc (x_refsource_CONFIRM)