OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit…

OneUptime monitoring solution contains a critical remote code execution vulnerability in versions prior to 10.0.20. Low-privileged users can submit custom Playwright code that executes on the oneuptime-probe service. The vulnerability allows attackers to bypass sandbox restrictions by directly accessing Playwright browser objects to spawn arbitrary executables on the host container. This creates a server-side RCE primitive without requiring traditional sandbox escape techniques. The issue is resolved in version 10.0.20.