Uptime Kuma Vulnerability Allows Information Disclosure
Summary
CERT-Bund has issued a security advisory for Uptime Kuma, detailing a vulnerability that allows remote authenticated attackers to disclose information. The advisory assigns a CVSS Base Score of 6.5 and a Temporal Score of 5.9, classifying it as medium severity. Mitigation measures are available.
What changed
CERT-Bund has released security advisory WID-SEC-2026-0811 concerning a vulnerability in Uptime Kuma, an open-source service monitoring tool. The vulnerability affects versions prior to 2.2.1 and allows a remote, authenticated attacker to disclose information. The advisory gives a CVSS Base Score of 6.5 (medium) and a Temporal Score of 5.9 (medium), indicating a moderate risk.
Organizations using Uptime Kuma, particularly those running Linux, other UNIX-like systems, or unspecified 'Other' operating systems, should review their deployment. While the advisory indicates mitigation is available, specific steps are not detailed in this summary. Affected parties should consult the full advisory and vendor documentation to implement necessary patches or workarounds to prevent unauthorized information disclosure and maintain system security.
What to do next
- Review Uptime Kuma installations for versions prior to 2.2.1.
- Consult CERT-Bund advisory WID-SEC-2026-0811 for mitigation details.
- Apply available patches or workarounds to address the information disclosure vulnerability.
Source document (simplified)
[WID-SEC-2026-0811] Uptime Kuma: Vulnerability allows information disclosure
- CVSS Base Score: 6.5 (medium)
- CVSS Temporal Score: 5.9 (medium)
- Remote attack: yes
- Date: 22.03.2026
- Last updated: 23.03.2026
- Mitigation: yes
Affected systems
Operating system
- Linux
- Other
- UNIX
Product description
Uptime Kuma is open-source software for monitoring the availability of services and servers.
Products
22.03.2026
- Open Source Uptime Kuma <2.2.1
Attack
A remote, authenticated attacker can exploit a vulnerability in Uptime Kuma to disclose information.