PatchSiren cyber security CVE debrief
CVE-2026-47124 nezhahq CVE debrief
CVE-2026-47124 is a medium-severity vulnerability in Nezha Monitoring, a self-hostable, lightweight tool for monitoring servers and websites. From version 1.4.0 to before version 2.0.9, any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other users. The normal server list API filters objects by HasPermission, but the WebSocket stream treats the presence of any authenticated user as authorization for the full unfiltered server list. This issue has been patched in version 2.0.9.
- Vendor: nezhahq
- Product: nezha
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Nezha Monitoring, particularly those with multi-user setups, should be aware of this vulnerability. An attacker with authenticated non-admin access could read sensitive telemetry data for servers they do not own.
Technical summary
The vulnerability exists in the WebSocket implementation of Nezha Monitoring's server-status feature. Unlike the REST API for server lists, which filters results based on user permissions (HasPermission), the WebSocket stream does not perform this filtering. As a result, any authenticated user, regardless of their role, can access telemetry data for all servers monitored by the Nezha instance.
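As an added illustration that is not Nezha's own code, the Go sketch below models the pattern the summary describes: a broadcast hub that serialises the full server list once and pushes it to every authenticated WebSocket session, beside a hardened form that runs the same HasPermission rule per session before serialising. The types, the HasPermission rule and the fixture data are hypothetical, constructed here to show the difference between "authenticated" and "authorized for this server".

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical, simplified stand-ins for a monitored host and an authenticated
// session; these are not Nezha's own models.
type Server struct {
	ID     uint64  `json:"id"`
	Name   string  `json:"name"`
	UserID uint64  `json:"user_id"` // owning member
	CPU    float64 `json:"cpu"`
}

type User struct {
	ID    uint64
	Admin bool
}

// HasPermission is the ownership rule the debrief attributes to the REST
// server list: admins see every server, members see only their own.
func HasPermission(u User, s Server) bool {
	return u.Admin || s.UserID == u.ID
}

// Client is one connected WebSocket session; Sent records each payload it got.
type Client struct {
	User User
	Sent []string
}

// Hub holds the current server snapshot and the connected sessions.
type Hub struct {
	Servers []Server
	Clients []*Client
}

// BroadcastUnfiltered models the flawed path: one payload is built from the
// full list, and being connected (authenticated) is the only gate.
func (h *Hub) BroadcastUnfiltered() error {
	payload, err := json.Marshal(h.Servers)
	if err != nil {
		return err
	}
	for _, c := range h.Clients {
		c.Sent = append(c.Sent, string(payload))
	}
	return nil
}

// BroadcastFiltered is the hardened form: each session's payload is filtered
// through HasPermission first, so the stream enforces the same authorization
// as the REST server list.
func (h *Hub) BroadcastFiltered() error {
	for _, c := range h.Clients {
		visible := make([]Server, 0, len(h.Servers))
		for _, s := range h.Servers {
			if HasPermission(c.User, s) {
				visible = append(visible, s)
			}
		}
		payload, err := json.Marshal(visible)
		if err != nil {
			return err
		}
		c.Sent = append(c.Sent, string(payload))
	}
	return nil
}

// VisibleIDs decodes a session's latest payload and returns the server IDs
// it contained, so each role's view can be compared.
func VisibleIDs(c *Client) ([]uint64, error) {
	if len(c.Sent) == 0 {
		return nil, nil
	}
	var servers []Server
	if err := json.Unmarshal([]byte(c.Sent[len(c.Sent)-1]), &servers); err != nil {
		return nil, err
	}
	ids := make([]uint64, 0, len(servers))
	for _, s := range servers {
		ids = append(ids, s.ID)
	}
	return ids, nil
}

// NewDemoHub builds a constructed fixture: three servers owned by two members,
// plus an admin session and one session per member.
func NewDemoHub() *Hub {
	return &Hub{
		Servers: []Server{
			{ID: 1, Name: "web-1", UserID: 10, CPU: 12.5},
			{ID: 2, Name: "db-1", UserID: 10, CPU: 40.0},
			{ID: 3, Name: "edge-1", UserID: 20, CPU: 3.2},
		},
		Clients: []*Client{
			{User: User{ID: 1, Admin: true}},
			{User: User{ID: 10}},
			{User: User{ID: 20}},
		},
	}
}

func main() {
	for name, run := range map[string]func(*Hub) error{
		"unfiltered": (*Hub).BroadcastUnfiltered,
		"filtered":   (*Hub).BroadcastFiltered,
	} {
		h := NewDemoHub()
		_ = run(h)
		for _, c := range h.Clients {
			ids, _ := VisibleIDs(c)
			fmt.Printf("%-10s user %d (admin=%v) sees %v\n", name, c.User.ID, c.User.Admin, ids)
		}
	}
}
```

The structural point is that a broadcast loop which serialises once for all listeners has nowhere to apply a per-user check; the fix moves serialisation inside the per-session loop, which costs an extra marshal per client but keeps the stream and the REST list under one authorization rule.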
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade Nezha Monitoring to version 2.0.9 or later to patch this vulnerability.
- Review and restrict WebSocket connections to the server-status feature, ensuring only authorized users can access telemetry data.
- Monitor for any suspicious WebSocket connections to the server-status endpoint.
Evidence notes
This vulnerability was patched in version 2.0.9 of Nezha Monitoring. The CVE was published on June 12, 2026, with a CVSS score of 6.5 (MEDIUM severity).
Official resources
- CVE-2026-47124 CVE record (CVE.org)
- CVE-2026-47124 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-47124 was published on 2026-06-12T22:16:51.250Z.