4 matches found
CVE-2026-33130
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...
PT-2026-26603
Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...