CVE Catalog

CVE-2026-47268

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

Nezha Monitoring before version 2.0.10 allows authenticated users to create or update a DDNS profile with any webhook_url, leading to an SSRF vulnerability. Low-privileged users can send HTTP requests to internal network services.

Risk Assessment

The organization may be exposed to attacks that exploit internal services, potentially leading to data leakage or state changes in the system. Low user privileges can be exploited for unauthorized actions.

Recommendation

It is recommended to update Nezha Monitoring to version 2.0.10 or later to mitigate this vulnerability. Additionally, user permissions should be reviewed and network traffic monitored for potential abuse.

Original NVD description (English source)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.10, an authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhook_url, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request with utils.HttpClient without the SSRF protections used by notification webhooks. This allows a low-privileged authenticated user who controls an owned server/DDNS profile to make the dashboard host issue HTTP requests to loopback or internal network services. The response body is not returned to the attacker in the confirmed path, so this is a blind SSRF / internal state-changing request primitive. This issue has been patched in version 2.0.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS