What is CVE-2026-45102?

CVE-2026-45102 is a critical-severity vulnerability in Oneuptime, classified under Protection Mechanism Failure. CVSS score: 9.9/10. Published 2026-05-27.

How severe is CVE-2026-45102?

Critical severity. CVSS v3 base score is 9.9 out of 10.

Vulnerability in Oneuptime

CVE-2026-45102

OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be escaped via error objects and infinite recu…

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Oneuptime — versions < 10.0.98

Weakness classification (CWE)

CWE-693 — Protection Mechanism Failure

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-45102?: CVE-2026-45102 is a critical-severity vulnerability in Oneuptime, classified under Protection Mechanism Failure. CVSS score: 9.9/10. Published 2026-05-27.
How severe is CVE-2026-45102?: Critical severity. CVSS v3 base score is 9.9 out of 10.