CVE-2026-30958 | oneuptime up to 10.0.20 /workflow/docs/ res.sendFile componentName path traversal (GHSA-p2wh-9pw8-hvff)

A vulnerability categorized as critical has been discovered in oneuptime up to 10.0.20. Affected by this issue is the function res.sendFile of the file /workflow/docs/. Such manipulation of the argument componentName leads to path traversal.

This vulnerability is referenced as CVE-2026-30958. It is possible to launch the attack remotely. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More