Description
Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, a cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.
Published: 2026-06-12
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to send a crafted cross‑site GET request that triggers previously stored cron commands on Nezha Monitoring agents. By executing these commands, the attacker can run arbitrary code with the privileges of the agent process, potentially compromising the confidentiality, integrity, and availability of the monitored host. The weakness is a Cross‑Site Request Forgery flaw identified as CWE‑352.

Affected Systems

Nezha HQ’s Nezha Monitoring product is impacted. All releases from version 1.0.0 up to, but not including, 2.0.14 are vulnerable. Upgrading to version 2.0.14 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.1 rates the flaw as a medium severity issue. The EPSS score of less than 1% indicates a low likelihood of exploitation at present, and the flaw is not listed in the CISA KEV catalog. Exploitation requires delivery of a cross‑site GET request to the agent endpoint, which may be possible if the agent is reachable from untrusted networks or if the attacker can embed the request in a trusted web context. If reached, the attacker can achieve remote command execution on the agent.

Generated by OpenCVE AI on June 12, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Nezha Monitoring to version 2.0.14 or later to eliminate the vulnerability.
  • Restrict external access to the agent endpoints, ensuring that only trusted networks or internal traffic can reach them.
  • Monitor agent logs for unexpected cron command executions and review agent command configuration to ensure only trusted tasks are scheduled.


Advisories
Source: GitHub GHSA
ID: GHSA-8qhj-4f8c-j8qg
Title: Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents
History

Fri, 12 Jun 2026 21:45:00 +0000

Type: Description
  Values removed: (none)
  Values added: Nezha Monitoring is a self-hostable, lightweight server and website monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, a cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.

Type: Title
  Values removed: (none)
  Values added: Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's agents

Type: Weaknesses
  Values removed: (none)
  Values added: CWE-352

Type: References
  Values removed: (none)
  Values added: (none)

Type: Metrics
  Values removed: (none)
  Values added: cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-12T21:03:28.297Z

Reserved: 2026-05-29T19:08:01.256Z

Link: CVE-2026-49396

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-12T22:16:51.677

Modified: 2026-06-12T22:16:51.677

Link: CVE-2026-49396

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-06-12T22:30:08Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)