Description
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the context of the attacker's server. This issue has been patched in version 2.1.0.
Published: 2026-06-12
Score: 6.4 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the PATCH /server/{id} endpoint, which accepts and persists DDNS profile identifiers that do not yet exist for a member‑owned server. When another user later creates a DDNS profile with one of those placeholder IDs, the DDNS worker resolves the stored identifier and dispatches an update using the other user's DDNS profile configuration in the context of the attacker's server. This flaw, classified as CWE‑863, allows an attacker to force the system to use an unauthorized DDNS configuration on a target server, potentially altering DNS records without the victim’s consent.

Affected Systems

Nezha Monitoring, a self‑hosted monitoring tool, is affected from version 2.0.14 up to but not including 2.1.0. Users running any 2.0.x build in that range are vulnerable.

Risk and Exploitability

The CVSS score of 6.4 indicates a moderate severity. No EPSS score is reported and the vulnerability is not listed in the CISA KEV catalog, suggesting limited publicly known exploitation. Exploitation requires authenticated access to create a member‑owned server and later relies on a victim creating a DDNS profile with the same ID that an attacker had persisted. The attack vector is remote, through HTTP requests, and could be automated. If successful, the attacker can impersonate the victim’s DDNS configuration, potentially redirecting traffic or hijacking domain resolution.

Generated by OpenCVE AI on June 12, 2026 at 22:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Nezha Monitoring to version 2.1.0 or later to apply the vendor patch
  • After upgrading, audit existing servers for any residual references to nonexistent DDNS profile IDs and remove them if found
  • Monitor DDNS update logs for anomalous activity and review logs for unauthorized updates to detect potential misuse

Generated by OpenCVE AI on June 12, 2026 at 22:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the context of the attacker's server. This issue has been patched in version 2.1.0.
Title Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-12T21:04:27.196Z

Reserved: 2026-06-09T17:30:33.456Z

Link: CVE-2026-53521

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-12T22:16:52.230

Modified: 2026-06-12T22:16:52.230

Link: CVE-2026-53521

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-12T22:30:08Z

Weaknesses