Description
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.
Published: 2026-06-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Authenticated users can claim the dashboard host through NAT, allowing them to preempt all routing on the monitoring dashboard. This flaw permits a user to take control over how traffic is directed within the dashboard, effectively overriding legitimate routing rules. The vulnerability is classified as a privilege escalation within the dashboard’s routing logic, meaning an attacker who authenticates can alter or seize control of dashboard traffic flow, potentially denying legitimate users access or redirecting data streams.

Affected Systems

The issue affects the Nezha Monitoring product from nezhahq:nezha, specifically versions ranging from 2.0.14 up to but not including 2.1.0. No other vendor or product versions are listed as impacted.

Risk and Exploitability

The CVSS score of 6.5 indicates a medium‑to‑high risk, and the lack of an EPSS score makes the current exploitation probability unclear; however, because the attack requires authentication, an attacker must first compromise a user account. The vulnerability is not yet listed in the CISA KEV catalog, suggesting no known widespread exploitation. Attackers could use the flaw to reconfigure dashboard routing, potentially redirecting or blocking legitimate monitoring traffic, and effectively take over the dashboard environment.

Generated by OpenCVE AI on June 12, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Nezha Monitoring to version 2.1.0 or later to apply the fixed handling of dashboard host claims.
  • Restrict authenticated user privileges to essential monitoring functions, ensuring only trusted administrators can access dashboard configuration.
  • Review and tighten NAT routing rules, removing unused or potentially malicious routes that could be exploited for host claims.
  • Enable logging of dashboard routing changes to detect unauthorized modifications promptly.

Generated by OpenCVE AI on June 12, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x6fg-52vr-hj4w Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing
History

Mon, 15 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 13 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Nezhahq
Nezhahq nezha
Vendors & Products Nezhahq
Nezhahq nezha

Fri, 12 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.
Title Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-15T13:01:37.769Z

Reserved: 2026-06-09T17:30:33.456Z

Link: CVE-2026-53520

cve-icon Vulnrichment

Updated: 2026-06-15T13:01:32.407Z

cve-icon NVD

Status : Deferred

Published: 2026-06-12T22:16:52.097

Modified: 2026-06-15T20:46:57.713

Link: CVE-2026-53520

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-13T12:30:04Z

Weaknesses