CVE-2026-48119— Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48119
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nezha Monitoring: Authenticated agents can forge service-monitor results for other users' services
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 0.20.0 to before version 2.0.12, authenticated agents can forge service-monitor results for other users' services. This issue has been patched in version 2.0.12.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nezha Monitoring 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nezha Monitering是Nezha Monitoring组织开源的一款自托管、轻量级的服务器和网站监控及运维工具。 Nezha Monitoring 0.20.0版本至2.0.12之前版本存在授权问题漏洞,该漏洞源于授权问题,可能允许经过身份验证的代理伪造其他用户服务的服务监控结果。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48119
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8906 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-48119
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48119 (1)
Same Patch Batch · nezhahq · 2026-06-12 · 13 CVEs total
| CVE-2026-46716 | 9.9 CRITICAL | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /ap |
| CVE-2026-53519 | 9.1 CRITICAL | Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secr |
| CVE-2026-46717 | 7.7 HIGH | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /a |
| CVE-2026-47120 | 7.1 HIGH | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTas |
| CVE-2026-49396 | 7.1 HIGH | Nezha Monitoring: Cross-site GET request can trigger stored cron commands on a victim's ag |
| CVE-2026-53523 | 6.8 MEDIUM | Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection |
| CVE-2026-53520 | 6.5 MEDIUM | Nezha Monitoring: Authenticated users can claim the dashboard Host through NAT and preempt |
| CVE-2026-53522 | 6.5 MEDIUM | Nezha Monitoring: Unbounded WebSocket Streams — Resource Exhaustion DoS |
| CVE-2026-47124 | 6.5 MEDIUM | Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated mem |
| CVE-2026-53521 | 6.4 MEDIUM | Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's |
| CVE-2026-47268 | 6.4 MEDIUM | Nezha Monitoring: Authenticated DDNS webhook configuration allows blind SSRF from the dash |
| CVE-2026-49397 | 5.3 MEDIUM | Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-s |
IV. Related Vulnerabilities
Same product: nezha
- CVE-2026-53523
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injectio - CVE-2026-53522
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exh - CVE-2026-53521
Nezha Monitoring: Stored future DDNS profile ID allows unaut - CVE-2026-53520
Nezha Monitoring: Authenticated users can claim the dashboar - CVE-2026-53519
Nezha Monitoring: Pre-auth path traversal via /dashboard.. p
Same vendor: nezhahq
- CVE-2026-53523
Nezha Monitoring: OAuth2 Redirect URL — Host Header Injectio - CVE-2026-53522
Nezha Monitoring: Unbounded WebSocket Streams — Resource Exh - CVE-2026-53521
Nezha Monitoring: Stored future DDNS profile ID allows unaut - CVE-2026-53520
Nezha Monitoring: Authenticated users can claim the dashboar - CVE-2026-53519
Nezha Monitoring: Pre-auth path traversal via /dashboard.. p
Same weakness: CWE-862
- CVE-2026-12119
Simple File List <= 6.3.7 - Missing Authorization to Authent - CVE-2026-11912
Simple File List <= 6.3.7 - Missing Authorization to Unauthe - CVE-2026-56213
Capgo - Unauthenticated Cross-Tenant Metrics Poisoning via u - CVE-2026-48582
Microsoft Exchange Online Elevation of Privilege Vulnerabili - CVE-2026-12238
WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Cre
V. Comments for CVE-2026-48119
No comments yet