CVE-2026-29779: UptimeFlare: Montior config / Credentials in `workerConfig` exposed in client-side JavaScript bundle

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-29779

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

UptimeFlare: Montior config / Credentials in `workerConfig` exposed in client-side JavaScript bundle

Source: NVD (National Vulnerability Database)

Vulnerability Description

UptimeFlare is a serverless uptime monitoring & status page solution, powered by Cloudflare Workers. Prior to commit 377a596, configuration file uptime.config.ts exports both pageConfig (safe for client use) and workerConfig (server-only, contains sensitive data) from the same module. Due to pages/incidents.tsx importing and using workerConfig directly inside client-side component code, the entire workerConfig object was included in the client-side JavaScript bundle served to all visitors. This issue has been patched via commit 377a596.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

UptimeFlare 信息泄露漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

UptimeFlare是lyc8503个人开发者的一个基于云服务的网站可用性监控与状态页面软件。 UptimeFlare存在信息泄露漏洞，该漏洞源于客户端代码直接导入服务器端配置，可能导致敏感数据泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
lyc8503	UptimeFlare	< 377a5963c66ba9a798abebfe8d80378b053435e9	-

II. Public POCs for CVE-2026-29779

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-29779

Please Login to view more intelligence information

https://github.com/lyc8503/UptimeFlare/issues/198x_refsource_MISC
https://github.com/lyc8503/UptimeFlare/security/advisories/GHSA-36q9-v7p3-vj6vx_refsource_CONFIRM
https://github.com/lyc8503/UptimeFlare/commit/377a5963c66ba9a798abebfe8d80378b053435e9x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2026-29779

IV. Related Vulnerabilities

Same weakness: CWE-200

V. Comments for CVE-2026-29779

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2026-29779

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-29779

III. Intelligence Information for CVE-2026-29779

IV. Related Vulnerabilities

V. Comments for CVE-2026-29779

Leave a comment