PatchSiren cyber security CVE debrief
CVE-2026-53520 nezhahq CVE debrief
CVE-2026-53520 is a medium-severity vulnerability in Nezha Monitoring, a self-hostable, lightweight monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, authenticated users can claim the dashboard Host through NAT and preempt all dashboard routing. This issue has been patched in version 2.1.0. The CVSS score for this vulnerability is 6.5, indicating a medium severity.
- Vendor
- nezhahq
- Product
- nezha
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of Nezha Monitoring versions 2.0.14 to 2.1.0 should apply the patch in version 2.1.0 to prevent authenticated users from claiming the dashboard Host through NAT and preempting all dashboard routing.
Technical summary
The vulnerability exists in Nezha Monitoring from version 2.0.14 to before version 2.1.0. Authenticated users can exploit this vulnerability to claim the dashboard Host through NAT and preempt all dashboard routing. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Defensive priority
Medium
Recommended defensive actions
- Apply the patch in version 2.1.0 of Nezha Monitoring to prevent authenticated users from claiming the dashboard Host through NAT and preempting all dashboard routing.
Evidence notes
The CVE record for CVE-2026-53520 can be found at [cve-org]. The NVD detail for this vulnerability is available at [nvd]. The source item URL is [source-item]. A source reference for this vulnerability is available at [ref-4].
Official resources
-
CVE-2026-53520 CVE record
CVE.org
-
CVE-2026-53520 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-53520 was published on 2026-06-12T22:16:52.097Z and has not been modified since then.