Medium severity 6.0 · OSV Advisory · Published Mar 17, 2025 · Updated Apr 15, 2026

CVE-2025-26042

Description

Uptime Kuma >= 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided, it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| uptime-kuma (npm) | >= 1.15.0, <= 1.23.16 | |
| uptime-kuma (npm) | >= 2.0.0-beta.0, < 2.0.0-beta.2 | 2.0.0-beta.2 |
