CVE-2026-53520 | Nezha Monitoring is a self-hostable, lightweight, servers an… | CVSS 6.5 MEDIUM

Description

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0.

Metadata

CVE ID: CVE-2026-53520
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-09 17:30 UTC
Published: 2026-06-12 21:03 UTC
Last updated: 2026-06-12 21:03 UTC
Primary CWE: CWE-284
CWE-284: Improper Access Control
Vendor / Product: nezhahq / nezha
Sources: cve.org · NVD

Severity & Metrics

6.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products (1)

Vendor	Product	Platform	Versions
nezhahq	nezha	—	>= 2.0.14, < 2.1.0

Weakness (CWE)

CWE	Source	Description
CWE-284	cna	CWE-284: Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.5	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

https://github.com/nezhahq/nezha/security/advisories/GHSA-x6fg-52vr-hj4w https://github.com/nezhahq/nezha/security/advisories/GHSA-x6fg-52vr-hj4w