A critical security flaw (CVE-2026-27728) has been identified in OneUptime, a service monitoring platform. The issue allows authenticated users to run system-level commands on the Probe server.
This means an attacker with basic project access could potentially take full control of the affected server. Versions earlier than 10.0.7 are impacted, and users should update immediately.
How the Attack Works
The problem exists in the traceroute feature of the Probe server. When users configure a monitoring target, the system runs a command on the server to check network paths.
However, the application did not properly validate user input. Because of this, an attacker could insert extra system commands into the destination field. Instead of just running a traceroute, the server would also execute the attacker’s injected command.
Since the command runs with the server’s privileges, this could allow:
- Remote code execution
- Access to sensitive files
- Data exfiltration
- Lateral movement inside the network
- Complete server takeover
Fix and Protection
OneUptime resolved the issue in version 10.0.7 by changing how system commands are executed, preventing command injection.
Organizations should upgrade immediately, review existing monitor configurations, and closely monitor Probe servers for unusual behavior.
Delaying the patch could leave systems exposed to remote compromise.