PatchSiren

OneUptime CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL | OneUptime CVE | published 2026-05-27

CVE-2026-45102

OneUptime, an open-source monitoring and observability platform, contains a critical sandbox escape vulnerability in versions prior to 10.0.98. The platform uses Node.js's `vm` module as an isolation primitive for executing untrusted code. However, the `vm` module was not designed for secure isolation and can be escaped through manipulation of error objects and infinite recursion techniques. Successful ex [truncated]