// vulnerability record
live · NVD · CVE-2025-26042
MEDIUM · published 2025-03-17 19:15 UTC · 1 year ago · modified 2026-06-17 09:01 UTC
6.0
CVSS / 10
// description
Uptime Kuma >= 1.23.0 has a ReDoS vulnerability that is reachable when an administrator creates a notification through the web service. If a string is provided, it triggers catastrophic backtracking in the regular expression, leading to a ReDoS attack.
// cvss 3.1 vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:H
// weaknesses (CWE)
- CWE-1333