Skip to main content

Nezha Monitoring CVE-2026-53520

| EUVD-2026-36599 MEDIUM
Improper Access Control (CWE-284)
2026-06-12 GitHub_M
Authentication Bypass Nezha
6.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Low-privilege authentication required (PR:L); network-accessible endpoint (AV:N); no complexity beyond holding valid credentials; impact is complete availability loss with no confidentiality or integrity component.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 12, 2026 - 23:01 EUVD
Analysis Generated
Jun 12, 2026 - 22:18 vuln.today

DescriptionCVE.org

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.

AnalysisAI

Nezha Monitoring versions 2.0.14 through 2.1.0 (exclusive) allows any authenticated user to exploit the NAT-based Host claiming mechanism to preempt all dashboard routing, resulting in complete availability loss for the monitoring platform. The vulnerability stems from CWE-284 (Improper Access Control) - the application fails to properly restrict which authenticated principals may register or override a dashboard Host identity via NAT traversal. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege dashboard credentials
Delivery
Send crafted NAT Host claim request
Exploit
Preempt dashboard Host registration
Execution
Override all routing entries
Persist
Deny monitoring agents dashboard access
Impact
Availability of dashboard lost
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated session on the Nezha dashboard (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) accurately reflects the primary risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user - such as a malicious insider or an attacker who has compromised a low-privilege dashboard account - sends crafted NAT Host claim requests to the Nezha dashboard, registering themselves as the authoritative Host and preempting existing routing entries. This causes legitimate monitoring agents to lose their routing path to the dashboard, rendering the monitoring and alerting system unavailable. …
Remediation Upgrade Nezha Monitoring to version 2.1.0 or later, which contains the vendor-released patch for this issue. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-53519 CRITICAL
9.1 Jun 12

Unauthenticated path traversal in Nezha Monitoring (nezhahq/nezha) before 2.0.13 allows remote attackers to read arbitra
CVE-2026-53523 MEDIUM
6.8 Jun 12

Host header injection in Nezha Monitoring versions 1.0.0 through 2.2.0 allows unauthenticated remote attackers to redire
CVE-2026-53522 MEDIUM
6.5 Jun 12

Unbounded WebSocket stream allocation in Nezha Monitoring versions 1.0.0 through 2.1.x allows any authenticated dashboar
CVE-2026-53521 MEDIUM
6.4 Jun 12

Incorrect authorization in Nezha Monitoring's DDNS profile subsystem allows an authenticated low-privilege member to pre

Share

CVE-2026-53520 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy