CVE-2026-49396
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
Nezha Monitoring is a tool for monitoring servers and websites. In versions from 1.0.0 to before 2.0.14, a malicious cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.
Risk Assessment
An attacker could exploit this vulnerability to execute unauthorized commands on the victim's systems, potentially leading to serious security breaches.
Recommendation
It is recommended to upgrade Nezha Monitoring to version 2.0.14 or later to mitigate this vulnerability.
Original NVD description (English source)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.

