CVE-2026-34840

Published: Apr 2, 2026

Modified: Apr 2, 2026

PUBLISHED

CVSS v3.1

8.1

HIGH

Description

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first <Signature> element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. This issue has been patched in version 10.0.42.

Vendor	Product	Versions
OneUptime	oneuptime	affected `< 10.0.42`

Weaknesses (CWE)

CWE-347

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/OneUptime/oneuptime/security/advisories/GHSA-5w5c-766x-265g

x_refsource_CONFIRM

https://github.com/OneUptime/oneuptime/commit/2fd7ede52f60444710628d6c1b34dee2ef9e57d1

x_refsource_MISC

https://github.com/OneUptime/oneuptime/releases/tag/10.0.42

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-34840

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References