
CVE-2026-33396 - Vulnerability Analysis

Critical | CVSS: 9.9

Last Updated: March 26, 2026

OneUptime - Remote Code Execution

Published: March 26, 2026 | Updated: March 26, 2026 | PoC Available | Remote Exploitable

Overview

OneUptime versions before 10.0.35 contain a remote code execution vulnerability caused by an incomplete sandbox denylist in Synthetic Monitor Playwright script execution. It lets low-privileged authenticated users execute arbitrary commands on the Probe container/host. Exploitation requires ProjectMember authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.9
EPSS Score: 75.5% (Probability of exploitation in next 30 days)

Impact

Low-privileged authenticated users can execute arbitrary commands on the Probe container/host, leading to full system compromise.

Mitigation

Update to version 10.0.35 or later.

Social Media Activity (1 post)

ZEN SecDB
@secdb
Mar 30, 2026

📈 CVE Published in last 7 days (2026-03-23 - 2026-03-30)
See more at https://secdb.nttzen.cloud/dashboard

Total CVEs: 1724

Severity:
  • Critical: 160
  • High: 649
  • Medium: 676
  • Low: 49
  • None: 190

Status:
  • : 20
  • Analyzed: 407
  • Awaiting Analysis: 410
  • Modified: 55
  • Received: 778
  • Rejected: 23
  • Undergoing Analysis: 31

Top CNAs:
  • GitHub, Inc.: 426
  • Patchstack: 248
  • VulDB: 159
  • VulnCheck: 124
  • kernel.org: 122
  • Apple Inc.: 87
  • MITRE: 74
  • Mozilla Corporation: 47
  • Wordfence: 46
  • Government Technology Agency of Singapore Cyber Security Group (GovTech CSG): 33

Top Affected Products:
  • UNKNOWN: 1239
  • Apple Macos: 76
  • Mozilla Firefox: 45
  • Apple Ipados: 41
  • Apple Iphone Os: 41
  • Wwbn Avideo: 34
  • Apple Visionos: 28
  • Apple Watchos: 21
  • Open-emr Openemr: 20
  • Hcltech Aftermarket Cloud: 17

Top EPSS Score:
  • CVE-2026-33634 - 26.61 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33634)
  • CVE-2026-33526 - 1.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33526)
  • CVE-2026-33478 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33478)
  • CVE-2026-32854 - 1.04 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32854)
  • CVE-2026-32748 - 0.98 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-32748)
  • CVE-2026-33515 - 0.96 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33515)
  • CVE-2026-33396 - 0.76 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-33396)
  • CVE-2026-4611 - 0.72 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-4611)
  • CVE-2026-26829 - 0.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-26829)
  • CVE-2019-25630 - 0.60 % (https://secdb.nttzen.cloud/cve/detail/CVE-2019-25630)

Details

CVE ID: CVE-2026-33396
Severity: Critical
CVSS Score: 9.9
Type: command_injection
Status: confirmed
EPSS: 75.5%
Social Posts: 1

CWE

  • CWE-78

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

75.5% (Probability of exploitation in the next 30 days)