PatchSiren cyber security CVE debrief
CVE-2026-53521 nezhahq CVE debrief
Nezha Monitoring is a self-hostable, lightweight tool for monitoring servers and websites. A vulnerability exists in versions 2.0.14 to before 2.1.0, where the PATCH /server/{id} endpoint accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the context of the attacker's server. This issue has been patched in version 2.1.0.
- Vendor: nezhahq
- Product: nezha
- CVSS: MEDIUM 6.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Operators of Nezha Monitoring instances, particularly multi-user deployments still running a version from 2.0.14 up to but not including 2.1.0, should be aware of this vulnerability and apply the defensive actions listed below.
Technical summary
The vulnerability is a missing validation and ownership check in the PATCH /server/{id} endpoint of Nezha Monitoring: it accepts and persists ddns_profiles IDs that do not exist yet for a server owned by a member user. If another user later creates a DDNS profile that is assigned one of those stored IDs, the DDNS worker resolves the ID and dispatches an update using the other user's DDNS profile configuration on behalf of the attacker's server.
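The following Go sketch is an added illustration, not Nezha's own code, of the two checks that close this class of bug: rejecting the PATCH when any referenced DDNS profile ID does not exist or is not owned by the requester, and re-checking ownership in the worker at dispatch time so that a dangling ID later claimed by another user's profile is skipped rather than used. The types, the in-memory store and the function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// DDNSProfile is an assumed, simplified model of a stored DDNS profile.
type DDNSProfile struct {
	ID      uint64
	OwnerID uint64
}

// ProfileStore is an assumed lookup; a real deployment would query the database.
type ProfileStore map[uint64]DDNSProfile

var ErrUnknownProfile = errors.New("ddns profile does not exist")
var ErrForeignProfile = errors.New("ddns profile is not owned by requester")

// ValidateProfileIDs is the write-time check for PATCH /server/{id}: every
// referenced ID must exist and belong to the requester, so a reference to a
// not-yet-created profile is never persisted.
func ValidateProfileIDs(store ProfileStore, requester uint64, ids []uint64) error {
	for _, id := range ids {
		p, ok := store[id]
		if !ok {
			return fmt.Errorf("%w: id=%d", ErrUnknownProfile, id)
		}
		if p.OwnerID != requester {
			return fmt.Errorf("%w: id=%d", ErrForeignProfile, id)
		}
	}
	return nil
}

// ResolveForDispatch is the defence-in-depth check in the DDNS worker: a stored
// ID is only used if the profile it now resolves to belongs to the server's
// owner, so a dangling ID persisted earlier cannot borrow another user's profile.
func ResolveForDispatch(store ProfileStore, serverOwner uint64, storedIDs []uint64) []uint64 {
	var usable []uint64
	for _, id := range storedIDs {
		if p, ok := store[id]; ok && p.OwnerID == serverOwner {
			usable = append(usable, id)
		}
	}
	return usable
}

func main() {
	// Constructed sample data: user 1 owns profile 10, user 2 owns profile 20.
	store := ProfileStore{10: {ID: 10, OwnerID: 1}, 20: {ID: 20, OwnerID: 2}}
	fmt.Println(ValidateProfileIDs(store, 1, []uint64{10, 99})) // unknown id 99 rejected
	fmt.Println(ValidateProfileIDs(store, 1, []uint64{20}))     // user 2's profile rejected
	store[99] = DDNSProfile{ID: 99, OwnerID: 2}                 // user 2 later claims id 99
	fmt.Println(ResolveForDispatch(store, 1, []uint64{10, 99})) // [10]: 99 is skipped
}
```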
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Nezha Monitoring version 2.1.0 or later.
- Until the upgrade is applied, review who can reach the PATCH /server/{id} endpoint and restrict member accounts' ability to change server DDNS profile assignments.
- Monitor for suspicious activity related to DDNS profile updates.
Evidence notes
CVE-2026-53521 carries a CVSS score of 6.4 and is classified as MEDIUM severity. The CVE record was published on 2026-06-12T22:16:52.230Z and has not been modified since.
Official resources
- CVE-2026-53521 CVE record (CVE.org)
- CVE-2026-53521 NVD detail (NVD)
- Source reference: CVE-2026-53521 was published on 2026-06-12T22:16:52.230Z.