CVE-2026-30959

EUVD-2026-10703
OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated (unlike the verify endpoint). This affects the UserWhatsAppAPI.ts endpoint and the UserWhatsAppService.ts service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
hackerbayoneuptime
𝑥
< 10.0.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/OneUptime/oneuptime/releases/tag/10.0.21
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv