CVE-2026-47120
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
Nezha Monitoring versions from 1.4.0 to before 2.0.8 allow RoleMember to trigger other users' cron tasks without ownership checks. This issue has been patched in version 2.0.8.
Risk Assessment
The organization may be exposed to unauthorized execution of cron tasks, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to upgrade Nezha Monitoring to version 2.0.8 or later to mitigate this vulnerability.
Original NVD description (English source)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8.

