CVE-2025-26042
📋 TL;DR
Uptime Kuma versions 1.23.0 and above contain a ReDoS (regular expression denial of service) vulnerability: an administrator creating a notification with a specially crafted string can trigger catastrophic backtracking in a regular expression, causing a denial of service. This affects administrators who can access the notification creation interface in vulnerable Uptime Kuma instances.
💻 Affected Systems
- Uptime Kuma
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to CPU exhaustion from ReDoS, preventing monitoring of other services and potentially requiring manual intervention to restart the application.
Likely Case
Temporary service degradation or unavailability affecting the Uptime Kuma web interface and monitoring capabilities until the malicious request completes or is terminated.
If Mitigated
Minimal impact with proper input validation and rate limiting in place, potentially causing brief performance issues.
🎯 Exploit Status
Exploitation requires administrator credentials to access the notification creation interface. The vulnerability is well-documented in public GitHub issues and pull requests.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 7a9191761dbef6551c2a0aa6eed5f693ba48d688
Vendor Advisory: https://github.com/louislam/uptime-kuma/commit/7a9191761dbef6551c2a0aa6eed5f693ba48d688
Restart Required: Yes
Instructions:
1. Update Uptime Kuma to a version containing commit 7a9191761dbef6551c2a0aa6eed5f693ba48d688 or later.
2. Restart the Uptime Kuma service.
3. Verify the fix by checking the version or attempting to reproduce the vulnerability.
🔧 Temporary Workarounds
Restrict Administrator Access
Limit administrator account access to trusted users only and implement strong authentication controls.
Disable Notification Creation
Temporarily disable the notification creation functionality if it is not critically needed.
🧯 If You Can't Patch
- Implement strict input validation for notification strings to reject patterns that could trigger ReDoS.
- Deploy rate limiting on the notification creation endpoint to prevent repeated exploitation attempts.
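The input-validation workaround above is easier to reason about with a concrete picture of why a backtracking regex blows up and how a length cap bounds the damage. The following is an added example written for this page, not code from Uptime Kuma; the advisory does not show the affected expression, so the pattern used here is the textbook nested-quantifier case `/^(a+)+$/`, and the function names (`adversarialInput`, `measureMs`, `safeTest`) and the 20-character cap are assumptions chosen for the illustration.

```javascript
// Added illustration of catastrophic backtracking and a defensive wrapper.
// NESTED_QUANTIFIER is a textbook example, NOT the regex from Uptime Kuma;
// the advisory does not show the affected expression.
const NESTED_QUANTIFIER = /^(a+)+$/;

// Linear-time pattern that accepts exactly the same strings: removing the
// nested quantifier removes the blow-up entirely.
const LINEAR_EQUIVALENT = /^a+$/;

// Constructed input: n copies of 'a' followed by a character that forces the
// match to fail, so the engine backtracks through every way of splitting the
// run of 'a' between the inner and outer quantifier (about 2^n attempts).
function adversarialInput(n) {
  return "a".repeat(n) + "!";
}

// Wall-clock cost of a single test() call, in milliseconds.
function measureMs(regex, input) {
  const start = process.hrtime.bigint();
  regex.test(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Defensive wrapper: refuse to run a backtracking regex on oversized input.
// Bounding the length bounds the worst-case work; with a 20-character cap the
// worst case for NESTED_QUANTIFIER stays around 2^20 steps (milliseconds),
// and anything longer is rejected before the regex engine ever sees it.
function safeTest(regex, input, maxLength = 20) {
  if (typeof input !== "string") {
    return { ok: false, reason: "not-a-string" };
  }
  if (input.length > maxLength) {
    return { ok: false, reason: "too-long" };
  }
  return { ok: true, matched: regex.test(input) };
}

// Demo: the cost of the nested pattern roughly doubles with each extra
// character, while the linear equivalent stays flat.
for (const n of [10, 12, 14, 16, 18, 20]) {
  const input = adversarialInput(n);
  console.log(
    `n=${n}  nested=${measureMs(NESTED_QUANTIFIER, input).toFixed(2)}ms` +
      `  linear=${measureMs(LINEAR_EQUIVALENT, input).toFixed(2)}ms`
  );
}
console.log(safeTest(NESTED_QUANTIFIER, adversarialInput(40)));
```

The two controls are complementary: the length cap is a generic guard that works for any pattern you cannot change, while rewriting the expression without nested or overlapping quantifiers removes the problem at its root, which is what a fix in the application itself should do.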
🔍 How to Verify
Check if Vulnerable:
Check if your Uptime Kuma version is 1.23.0 or higher and if the commit 7a9191761dbef6551c2a0aa6eed5f693ba48d688 is not present.
Check Version:
Check the Uptime Kuma web interface settings or run appropriate version check commands based on your installation method (e.g., docker inspect, package manager queries).
Verify Fix Applied:
Verify that your Uptime Kuma instance includes commit 7a9191761dbef6551c2a0aa6eed5f693ba48d688 or is running a version released after this fix.
📡 Detection & Monitoring
Log Indicators:
- Unusually long processing times for notification creation requests
- High CPU usage spikes correlated with notification creation events
- Repeated failed or timed-out notification creation attempts
Network Indicators:
- Increased HTTP request times to notification creation endpoints
- Multiple POST requests to /api/notifications endpoint from single sources
SIEM Query:
source="uptime-kuma" AND ((uri_path="/api/notifications" AND request_time>10s) OR (process_name="node" AND cpu_usage>90%))
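The log and network indicators above can be turned into an offline check before they are wired into a SIEM. The following is an added example written for this page, not Uptime Kuma's own logging or any vendor query language; the access-log format, the sample lines, the IP addresses and the thresholds (10 s per request, 3 POSTs per source) are all constructed for the illustration, and the `/api/notifications` path is taken from the indicators listed above.

```javascript
// Added detection example. The log format and every line below are
// constructed for this illustration; they are not Uptime Kuma's log output.
const SAMPLE_LOG = [
  '2025-03-01T10:00:01Z 203.0.113.7 "POST /api/notifications" 200 120ms',
  '2025-03-01T10:00:05Z 203.0.113.7 "POST /api/notifications" 200 15234ms',
  '2025-03-01T10:00:09Z 203.0.113.7 "POST /api/notifications" 504 30000ms',
  '2025-03-01T10:00:12Z 203.0.113.7 "POST /api/notifications" 504 30000ms',
  '2025-03-01T10:00:15Z 198.51.100.3 "GET /dashboard" 200 35ms',
  '2025-03-01T10:00:20Z 198.51.100.3 "POST /api/notifications" 200 80ms',
].join("\n");

// timestamp source "METHOD path" status durationms
const LINE_RE = /^(\S+) (\S+) "(\w+) (\S+)" (\d{3}) (\d+)ms$/;

// Parse one access-log line into a record, or null if it does not match.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ts: m[1],
    src: m[2],
    method: m[3],
    path: m[4],
    status: Number(m[5]),
    ms: Number(m[6]),
  };
}

// Apply the two indicators from the advisory:
//   1. a request to the notification endpoint that took longer than slowMs
//   2. a single source sending at least `burst` POSTs to that endpoint
// Returns an array of findings; an empty array means nothing was flagged.
function detect(logText, opts = {}) {
  const slowMs = opts.slowMs ?? 10000;
  const burst = opts.burst ?? 3;
  const path = opts.path ?? "/api/notifications";
  const findings = [];
  const postsBySrc = new Map();

  for (const line of logText.split("\n")) {
    const e = parseLine(line);
    if (!e || e.path !== path) continue;
    if (e.ms > slowMs) {
      findings.push({ rule: "slow-notification-request", src: e.src, ts: e.ts, ms: e.ms });
    }
    if (e.method === "POST") {
      postsBySrc.set(e.src, (postsBySrc.get(e.src) ?? 0) + 1);
    }
  }
  for (const [src, count] of postsBySrc) {
    if (count >= burst) {
      findings.push({ rule: "repeated-notification-posts", src, count });
    }
  }
  return findings;
}

for (const f of detect(SAMPLE_LOG)) console.log(f);
```

Both rules are deliberately simple: a slow request on its own is a capacity problem, and repeated POSTs on their own are normal admin activity, but the two together from one source, especially with 5xx statuses, match the timed-out-and-retried pattern the indicators above describe and are worth a closer look.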