CVE-2026-33130 | louislam uptime-kuma up to 2.2.0 notification-provider.js require.resolve filename control

Inserito da Angelo Barbosa | Mar 20, 2026 | CVE

A vulnerability categorized as problematic has been discovered in louislam uptime-kuma up to 2.2.0. This affects the function require.resolve of the file notification-provider.js. Such manipulation leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is uniquely identified as CVE-2026-33130. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-33130 | louislam uptime-kuma up to 2.2.0 notification-provider.js require.resolve filename control

Post correlati

CVE-2024-52279 | Apache Zeppelin up to 0.11.x JDBC URL Validation input validation

CVE-2024-11201 | myCred Plugin up to 2.7.5.2 on WordPress Shortcode mycred_send cross site scripting

CVE-2024-8387 | Mozilla Firefox up to 129.x memory corruption

CVE-2025-24771 | Content Manager Light Plugin up to 3.2 on WordPress cross site scripting