The vulnerability is a missing ownership check in the AlertRule.FailTriggerTasks function of Nezha Monitoring. A user assigned the RoleMember role can trigger any other authenticated user's scheduled cron task without regard for ownership or permission. This flaw allows the attacker to execute arbitrary commands or scripts configured for those tasks, effectively granting elevated privileges on the monitored host. It represents the Common Weakness Enumerations CWE-862 (Missing Authorization) and CWE-863 (Missing Explicit Authorization).

Nezha Monitoring versions 1.4.0 through 2.0.7 are affected. The problem was resolved in version 2.0.8, which adds proper ownership verification before executing a user's cron task. Versions older than 1.4.0 or newer than 2.0.8 are not impacted.

The CVSS score of 7.1 indicates a moderate-to-high risk. The EPSS score of less than 1% suggests a very low probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a legitimate authenticated session with the RoleMember role, making it an internal privilege escalation scenario. Despite the low probability, an attacker with such access could execute arbitrary functionality and potentially compromise system integrity or confidentiality. Upgrading or restricting RoleMember permissions mitigates this risk.