VYPR
Moderate severityNVD Advisory· Published Mar 10, 2026· Updated Mar 10, 2026

OneUptime has WhatsApp Resend Verification Authorization Bypass

CVE-2026-30959

Description

OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated (unlike the verify endpoint). This affects the UserWhatsAppAPI.ts endpoint and the UserWhatsAppService.ts service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@oneuptime/commonnpm
< 10.0.2110.0.21

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.