CVE-2026-49396: CWE-352: Cross-Site Request Forgery (CSRF) in nezhahq nezha
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.
AI Analysis
Technical Summary
CVE-2026-49396 is a CWE-352 Cross-Site Request Forgery vulnerability affecting Nezha Monitoring, a self-hostable servers and websites monitoring tool. Versions from 1.0.0 to before 2.0.14 allow an attacker to use a cross-site GET request to execute stored cron commands on agents controlled by the victim. This could lead to unauthorized command execution initiated by the victim's browser. The vulnerability is fixed in version 2.0.14.
Potential Impact
An attacker can exploit this vulnerability to cause a victim's browser to send a crafted GET request that triggers stored cron commands on the victim's agents, resulting in unauthorized command execution. This impacts the integrity of the monitored systems and could lead to further compromise or disruption of operations. Confidentiality is not affected, but integrity is highly impacted, and availability impact is low.
Mitigation Recommendations
Upgrade Nezha Monitoring to version 2.0.14 or later, where this CSRF vulnerability has been patched. No other official remediation or temporary fixes are indicated. Until upgrading, restrict access to the monitoring interface to trusted users and networks to reduce exposure.
CVE-2026-49396: CWE-352: Cross-Site Request Forgery (CSRF) in nezhahq nezha
Description
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.0.14, cross-site GET request can trigger stored cron commands on a victim's agents. This issue has been patched in version 2.0.14.
CVSS v3.1
Score 7.1high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-49396 is a CWE-352 Cross-Site Request Forgery vulnerability affecting Nezha Monitoring, a self-hostable servers and websites monitoring tool. Versions from 1.0.0 to before 2.0.14 allow an attacker to use a cross-site GET request to execute stored cron commands on agents controlled by the victim. This could lead to unauthorized command execution initiated by the victim's browser. The vulnerability is fixed in version 2.0.14.
Potential Impact
An attacker can exploit this vulnerability to cause a victim's browser to send a crafted GET request that triggers stored cron commands on the victim's agents, resulting in unauthorized command execution. This impacts the integrity of the monitored systems and could lead to further compromise or disruption of operations. Confidentiality is not affected, but integrity is highly impacted, and availability impact is low.
Mitigation Recommendations
Upgrade Nezha Monitoring to version 2.0.14 or later, where this CSRF vulnerability has been patched. No other official remediation or temporary fixes are indicated. Until upgrading, restrict access to the monitoring interface to trusted users and networks to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-05-29T19:08:01.256Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c7c90e617e2d834c6c7b5
Added to database: 6/12/2026, 9:39:28 PM
Last enriched: 6/12/2026, 9:54:31 PM
Last updated: 6/13/2026, 4:19:21 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.