CVE-2026-49397
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
Nezha Monitoring is a tool for monitoring servers and websites. In versions from 2.0.0 to before 2.0.14, private services were enumerable via per-server endpoints, leaking name and timing data.
Risk Assessment
Organizations may be exposed to the disclosure of sensitive information about private services, potentially leading to further attacks or security breaches.
Recommendation
It is recommended to upgrade to version 2.0.14 or later to mitigate this vulnerability.
Original NVD description (English source)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version 2.0.14.

