Base Score

MEDIUM6

CVE-2025-26042

Uptime Kuma >== 1.23.0 has a ReDoS vulnerability, specifically when an administrator creates a notification through the web service. If a string is provided it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.

VectorNETWORK

Published Bycve@mitre.org

Published DateMar 17, 2025, 19:15

Affected Versions(2)

uptime-kuma(npm)

Introduced1.15.0

FixedN/A

LimitN/A

uptime-kuma(npm)

Introduced2.0.0-beta.0

Fixed2.0.0-beta.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
uptime-kuma(npm)	1.15.0	N/A	N/A
uptime-kuma(npm)	2.0.0-beta.0	2.0.0-beta.2	N/A

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

MEDIUM6

Weakness Type (CWE):CWE-1333

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

HIGH