216.73.217.139

CVE-2026-34840

· Published 02/04/2026 20:16 · Modified 03/04/2026 16:10

Labels: CVE-2026-34840 2026-04-02CVE-2026-34840CWE-347[email protected]

Essential information

Published
02/04/2026 20:16
Modified
03/04/2026 16:10
Author
Creator
CVSS
8.1 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first <Signature> element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. This issue has been patched in version 10.0.42.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
oneuptime / oneuptime cpe:2.3:a:oneuptime:oneuptime:*:*:*:*:*:*:*:*

References