Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/03/20 9:50 a.m.28 views

CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)

Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...

6.5CVSS0.0034EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/20 9:50 a.m.3 views

CVE-2026-33130

Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...

6.5CVSS5.7AI score0.0034EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/03/20 9:50 a.m.6 views

CVE-2026-33130 Uptime Kuma: SSTI in Notification Templates Allows Arbitrary File Read (Incomplete Fix for GHSA-vffh-c9pq-4crh)

Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...

6.5CVSS5.8AI score0.0034EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/03/20 12:0 a.m.7 views

PT-2026-26603

Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to preventServer-side Template Injection SSTI. The three mitigations added to the Liquid engine root, relativeReference, dynamicPartials only block...

6.5CVSS5.7AI score0.0034EPSS
Exploits1References5
Rows per page
Query Builder