CVE-2026-30959

UNKNOWN 0.0

OneUptime has WhatsApp Resend Verification Authorization Bypass

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated (unlike the verify endpoint). This affects the UserWhatsAppAPI.ts endpoint and the UserWhatsAppService.ts service.

CWE	CWE-285 CWE-307 CWE-639 CWE-862
Vendor	oneuptime
Product	oneuptime
Published	Mar 10, 2026
Last Updated	Mar 10, 2026

Stay Ahead of the Next One

Get instant alerts for oneuptime oneuptime

Be the first to know when new unknown vulnerabilities affecting oneuptime oneuptime are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OneUptime / oneuptime

< 10.0.21

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/OneUptime/oneuptime/security/advisories/GHSA-cw6x-mw64-q6pv github.com: https://github.com/OneUptime/oneuptime/releases/tag/10.0.21