Loading
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints (GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId) without any authentication middleware. An attacker who can obtain or guess a workflow ID can trigger arbitrary workflow execution with attacker-controlled input data, enabling JavaScript code execution, notification abuse, and data manipulation. This issue has been patched in version 10.0.42.
Cite this page
CVE-2026-35053. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2026-35053
Use CWE-306, Hackerbay vendor hub and Oneuptime product page to widen CVE-2026-35053 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-33396, CVE-2026-32306 and CVE-2026-34759 for nearby disclosures in the same product family.