nezhahq Nezha Vulnerabilities
CVE ID | Vendor / Product | CVSS | Severity | Title
CVE-2026-53523 | nezhahq / Nezha | 6.8 | MEDIUM | Nezha Monitoring: OAuth2 Redirect URL - Host Header Injection
CVE-2026-53522 | nezhahq / Nezha | 6.5 | MEDIUM | Nezha Monitoring: Unbounded WebSocket Streams - Resource Exhaustion DoS
CVE-2026-53521 | nezhahq / Nezha | 6.4 | MEDIUM | Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
CVE-2026-53520 | nezhahq / Nezha | 6.5 | MEDIUM | Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing
CVE-2026-53519 | nezhahq / Nezha | 9.1 | CRITICAL | Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key
CVE-2026-49397 | nezhahq / Nezha | 5.3 | MEDIUM | Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
CVE-2026-49396 | nezhahq / Nezha | 7.1 | HIGH | Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents
CVE-2026-48119 | nezhahq / Nezha | 7.1 | HIGH | Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
CVE-2026-47124 | nezhahq / Nezha | 6.5 | MEDIUM | Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
CVE-2026-47120 | nezhahq / Nezha | 7.1 | HIGH | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
CVE-2026-46717 | nezhahq / Nezha | 7.7 | HIGH | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
CVE-2026-46716 | nezhahq / Nezha | 9.9 | CRITICAL | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
CVE-2026-47268 | nezhahq / Nezha | 6.4 | MEDIUM | Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dashboard host