Nezha Monitoring: Authenticated users can claim the dashboard Host through...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.

Basic Information

ID CVE-2026-53520

Source GitHub_M

Published Jun 12, 2026 at 21:03

Affected Product

Vendor nezhahq

Product nezha

Version >= 2.0.14, < 2.1.0

Affected Versions nezhahq nezha >= 2.0.14, < 2.1.0

CWE Classification

CWE-284

References

github.com /nezhahq/nezha/security/advisories/GHSA-x6fg-52vr-hj4w

{
    "lastseen": "",
    "description": "Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.",
    "published": "2026-06-12T21:03:58.782Z",
    "modified": "2026-06-12T21:03:58.782Z",
    "type": "cve",
    "title": "Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing",
    "source": "GitHub_M",
    "references": "https://github.com/nezhahq/nezha/security/advisories/GHSA-x6fg-52vr-hj4w",
    "id": "CVE-2026-53520",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "nezhahq nezha >= 2.0.14, < 2.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nezha",
    "version": ">= 2.0.14, < 2.1.0",
    "vendor": "nezhahq",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing_CVE-2026-53520