CVE-2026-46717: CWE-863: Incorrect Authorization in nezhahq nezha
Nezha Monitoring versions from 1.4.0 up to but not including 2.0.8 have an authorization vulnerability in their dashboard. The notification API endpoints POST /api/v1/notification and PATCH /api/v1/notification/:id are accessible to RoleMember users due to improper handler assignment. These endpoints synchronously send HTTP requests to user-controlled URLs and reflect the full response body back to the caller on non-2xx responses. This issue was fixed in version 2.0.8.
AI Analysis
Technical Summary
Nezha Monitoring, a self-hostable monitoring tool, has an incorrect authorization vulnerability (CWE-863) in versions 1.4.0 through before 2.0.8. The dashboard supports two roles: RoleAdmin and RoleMember. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are handled by commonHandler instead of adminHandler, allowing RoleMember users to invoke them. These handlers send HTTP requests to URLs controlled by the user and reflect the entire response body back to the caller if the response status is not 2xx. This vulnerability was patched in version 2.0.8.
Potential Impact
An attacker with RoleMember privileges can invoke notification API endpoints that should be restricted to administrators. This allows sending HTTP requests to arbitrary URLs controlled by the attacker and receiving the full response body on error responses. The CVSS score of 7.7 indicates high severity with network attack vector, low attack complexity, and no user interaction required. Confidentiality impact is high, but integrity and availability impacts are none.
Mitigation Recommendations
Upgrade Nezha Monitoring to version 2.0.8 or later, where this authorization issue is fixed. Since this is a self-hosted product, administrators must apply this update to remediate the vulnerability. Patch status is confirmed by the vendor advisory stating the issue is fixed in version 2.0.8.
CVE-2026-46717: CWE-863: Incorrect Authorization in nezhahq nezha
Description
Nezha Monitoring versions from 1.4.0 up to but not including 2.0.8 have an authorization vulnerability in their dashboard. The notification API endpoints POST /api/v1/notification and PATCH /api/v1/notification/:id are accessible to RoleMember users due to improper handler assignment. These endpoints synchronously send HTTP requests to user-controlled URLs and reflect the full response body back to the caller on non-2xx responses. This issue was fixed in version 2.0.8.
CVSS v3.1
Score 7.7high
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Nezha Monitoring, a self-hostable monitoring tool, has an incorrect authorization vulnerability (CWE-863) in versions 1.4.0 through before 2.0.8. The dashboard supports two roles: RoleAdmin and RoleMember. The notification routes POST /api/v1/notification and PATCH /api/v1/notification/:id are handled by commonHandler instead of adminHandler, allowing RoleMember users to invoke them. These handlers send HTTP requests to URLs controlled by the user and reflect the entire response body back to the caller if the response status is not 2xx. This vulnerability was patched in version 2.0.8.
Potential Impact
An attacker with RoleMember privileges can invoke notification API endpoints that should be restricted to administrators. This allows sending HTTP requests to arbitrary URLs controlled by the attacker and receiving the full response body on error responses. The CVSS score of 7.7 indicates high severity with network attack vector, low attack complexity, and no user interaction required. Confidentiality impact is high, but integrity and availability impacts are none.
Mitigation Recommendations
Upgrade Nezha Monitoring to version 2.0.8 or later, where this authorization issue is fixed. Since this is a self-hosted product, administrators must apply this update to remediate the vulnerability. Patch status is confirmed by the vendor advisory stating the issue is fixed in version 2.0.8.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-15T23:26:58.310Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c7c90e617e2d834c6c7a6
Added to database: 6/12/2026, 9:39:28 PM
Last enriched: 6/12/2026, 9:54:49 PM
Last updated: 6/13/2026, 12:05:56 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.