Oneuptime - Oneuptime - CRITICAL - CVE-2026-27574. The OneUptime monitoring solution is vulnerable due to a flaw in its custom JavaScript monitor feature, which improperly uses the Node.js's node:vm module for code execution. This creates a serious security risk, allowing attackers to escape the sandbox environment trivially and gain full control over the underlying process. The probe runs on host networking and exposes sensitive environment variables containing crucial cluster credentials, such as ONEUPTIME_SECRET and various database passwords. Additionally, the monitor creation feature is accessible to users with the lowest privileges, including anonymous visitors, potentially allowing them to compromise the entire cluster within a matter of seconds. This vulnerability has been resolved in version 10.0.5 of OneUptime.