CVE Catalog

CVE-2026-47120

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile - higher than 28% of all known CVEs

Summary

Nezha Monitoring versions from 1.4.0 to before 2.0.8 allow RoleMember to trigger other users' cron tasks without ownership checks. This issue has been patched in version 2.0.8.

Risk Assessment

The organization may be exposed to unauthorized execution of cron tasks, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to upgrade Nezha Monitoring to version 2.0.8 or later to mitigate this vulnerability.

Original NVD description (English source)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS