


Perceptive Security
SOC/SIEM Consultancy

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve rem…
Published:
25 March 2026 at 23:00:00
Alert date:
26 March 2026 at 16:11:28
Source:
nvd.nist.gov
Web Technologies, Security Tools
The OneUptime monitoring platform contains a remote command execution vulnerability in versions prior to 10.0.35. Low-privileged authenticated users can exploit the Synthetic Monitor Playwright script execution feature to achieve RCE on Probe containers. The vulnerability stems from an incomplete sandbox denylist that fails to block the _browserType and launchServer properties, so a monitor script can traverse page.context().browser()._browserType.launchServer() and spawn arbitrary processes. The issue has been patched in version 10.0.35.
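The denylist gap described above can be reproduced on a mock object graph. This is an added example, not OneUptime's or Playwright's code. The mock page, the denylist contents, the allowlist and every function name are assumptions made for illustration, and it compares a property denylist with an allowlist applied through a recursive Proxy membrane:

```javascript
// Constructed mock of the object graph named in the advisory (no real Playwright).
function makeMockPage() {
  const browserType = { launchServer: () => "process-spawned" };
  const browser = { _browserType: browserType, version: () => "mock-1.0" };
  const context = { browser: () => browser };
  return { context: () => context, title: () => "Example" };
}

// Hypothetical denylist: contents are assumed, chosen only so that it omits
// the two property names the advisory says were not blocked.
const DENYLIST = new Set(["constructor", "__proto__", "process", "require"]);
const denyPolicy = (prop) => !DENYLIST.has(prop);

// Same denylist extended with the two names from the advisory.
const EXTENDED = new Set([...DENYLIST, "_browserType", "launchServer"]);
const extendedDenyPolicy = (prop) => !EXTENDED.has(prop);

// Allowlist: only the names a monitor script is assumed to need.
const ALLOWLIST = new Set(["context", "browser", "title", "version"]);
const allowPolicy = (prop) => ALLOWLIST.has(prop);

// Recursive membrane: every object or function reachable from the root,
// including return values, is wrapped under the same policy.
function guard(target, isAllowed) {
  const t = typeof target;
  if (target === null || (t !== "object" && t !== "function")) return target;
  return new Proxy(target, {
    get(obj, prop) {
      if (typeof prop !== "string" || !isAllowed(prop)) {
        throw new Error(`blocked property: ${String(prop)}`);
      }
      return guard(Reflect.get(obj, prop), isAllowed);
    },
    apply(fn, thisArg, args) {
      return guard(Reflect.apply(fn, thisArg, args), isAllowed);
    },
  });
}

// Walk the chain from the advisory against the mock under a given policy.
function tryTraversal(isAllowed) {
  const page = guard(makeMockPage(), isAllowed);
  try {
    return page.context().browser()._browserType.launchServer();
  } catch (e) {
    return e.message;
  }
}
```

Under the incomplete denylist the mock chain completes, while the extended denylist and the allowlist both stop at _browserType. Only the allowlist also rejects internal properties that nobody has enumerated yet.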
Technical details
Affected products:
OneUptime
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-33396
https://github.com/OneUptime/oneuptime/commit/e8e4ee3ff0740eb131045ab3d67453141c46178a
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cqpg-phpp-9jjg
This article was created with the assistance of AI technology by Perceptive.
