CVE Catalog

CVE-2026-49396

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

6th percentile - higher than 6% of all known CVEs

Summary

Nezha Monitoring is a tool for monitoring servers and websites. In versions from 1.0.0 to before 2.0.14, a malicious cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.

Risk Assessment

An attacker could exploit this vulnerability to execute unauthorized commands on the victim's systems, potentially leading to serious security breaches.

Recommendation

It is recommended to upgrade Nezha Monitoring to version 2.0.14 or later to mitigate this vulnerability.

Original NVD description (English source)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS