OneUptime Unauthorized User Account Creation Vulnerability

Vulnerability

A vulnerability in OneUptime version 9.0.5598 allows low-permission users to create new accounts via a direct API request, bypassing the intended user interface. This issue has been addressed in version 9.1.0.

Impact

Exploitation of this vulnerability allows for the creation of unauthorized user accounts.

Reproduction

To reproduce this vulnerability, a low-permission user must send a crafted API request to the user-creation endpoint. The system will then process the request and create the account, effectively bypassing the normal interface restrictions.

Remediation

Users can upgrade to OneUptime version 9.1.0 to address this vulnerability.
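The class of flaw described above, a restriction applied in the interface but not on the API, shown next to a server-side check. This is an added example, not OneUptime's code or its 9.1.0 fix; the role names, permission strings, handler functions and store object are all hypothetical.

```javascript
// Added example: every name here is hypothetical; this is not OneUptime code.
const ROLE_PERMISSIONS = new Map([
  ["admin", new Set(["user:create", "user:read"])],
  ["member", new Set(["user:read"])],
]);

// Deny by default: a missing caller or an unknown role has no permissions.
function isAllowed(caller, permission) {
  const granted = ROLE_PERMISSIONS.get(caller?.role);
  return granted !== undefined && granted.has(permission);
}

// Before: the handler relies on the UI hiding the "create user" action,
// so any authenticated caller who reaches the API gets an account created.
function createUserUiOnly(store, caller, body) {
  store.users.push({ email: body.email, createdBy: caller.id });
  return { status: 201 };
}

// After: the permission is checked on the server for every request, and
// refused attempts are written to an audit trail so they can be alerted on.
function createUserEnforced(store, caller, body) {
  if (!isAllowed(caller, "user:create")) {
    const actor = caller?.id ?? null;
    store.audit.push({ event: "user.create.denied", actor, role: caller?.role ?? null });
    return { status: 403 };
  }
  store.users.push({ email: body.email, createdBy: caller.id });
  store.audit.push({ event: "user.create", actor: caller.id, target: body.email });
  return { status: 201 };
}

// Constructed sample callers and request body.
function demo() {
  const member = { id: "u-2", role: "member" };
  const admin = { id: "u-1", role: "admin" };
  const request = { email: "new.user@example.test" };
  const before = { users: [], audit: [] };
  const after = { users: [], audit: [] };
  return {
    uiOnly: createUserUiOnly(before, member, request).status,
    memberEnforced: createUserEnforced(after, member, request).status,
    adminEnforced: createUserEnforced(after, admin, request).status,
    usersAfter: after.users.length,
    deniedEvents: after.audit.filter((e) => e.event === "user.create.denied").length,
  };
}
console.log(demo());
```

The `user.create.denied` records are the useful detection signal: a low-permission account calling a creation endpoint it is never offered in the interface is worth an alert.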

Added: Nov 26, 2025, 7:18 PM
Updated: Nov 26, 2025, 7:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 7.7
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.