CVE-2026-34840 (Hackerbay · Oneuptime)
Vulnerability data via NVD (ingested)
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Identity/Utils/SSO.ts) has decoupled signature verification and identity extraction. isSignatureValid() verifies the first <Signature> element in the XML DOM using xml-crypto, while getEmail() always reads from assertion[0] via xml2js. An attacker can prepend an unsigned assertion containing an arbitrary identity before a legitimately signed assertion, resulting in authentication bypass. This issue has been patched in version 10.0.42.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
Shodan: vuln:CVE-2026-34840
Shodan: product:"Hackerbay Oneuptime"
Shodan: http.html:"Oneuptime"
Censys: vulnerabilities.cve_id: CVE-2026-34840
Web search: "CVE-2026-34840" exploit -site:nvd.nist.gov