CVE Catalog

CVE-2026-49397

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

Nezha Monitoring is a tool for monitoring servers and websites. In versions from 2.0.0 to before 2.0.14, private services were enumerable via per-server endpoints, leaking name and timing data.

Risk Assessment

Organizations may be exposed to the disclosure of sensitive information about private services, potentially leading to further attacks or security breaches.

Recommendation

It is recommended to upgrade to version 2.0.14 or later to mitigate this vulnerability.

Original NVD description (English source)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version 2.0.14.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS