PatchSiren cyber security CVE debrief
CVE-2026-53522 nezhahq CVE debrief
CVE-2026-53522 is a MEDIUM severity vulnerability in Nezha Monitoring, a self-hostable, lightweight monitoring and O&M tool. Because the dashboard's WebSocket stream creation endpoints impose no rate limiting, semaphores, or connection caps, an internal map can grow without bound, potentially leading to resource exhaustion.
- Vendor: nezhahq
- Product: nezha
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Nezha Monitoring, especially those self-hosting it, should be aware of this vulnerability. Administrators and security teams that monitor for resource exhaustion should also take note.
Technical summary
Nezha Monitoring, from version 1.0.0 to before version 2.2.0, exposes two endpoints (POST /api/v1/terminal and POST /api/v1/file) that create long-lived WebSocket streams to monitored agents. Both endpoints call rpc.NezhaHandlerSingleton.CreateStream, which inserts a new ioStreamContext into an unbounded map[string]*ioStreamContext. Because there is no per-user rate limiting, no global semaphore, and no per-server connection cap, every request adds another entry, so the map and the streams it tracks can grow until resources are exhausted.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to Nezha Monitoring version 2.2.0 or later.
- Implement rate limiting and connection caps if upgrading is not feasible.
- Monitor resource usage and WebSocket connections.
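As an added illustration of the mechanism in the technical summary and of the second recommended action (caps as a stop-gap), not code from the Nezha project: a Go registry that bounds the map[string]*ioStreamContext the advisory describes with a global cap and a per-server cap. StreamRegistry, the shape of ioStreamContext, and the cap values are assumptions made for this example.

```go
package main

import (
	"errors"
	"sync"
)
// Hypothetical stand-in for the ioStreamContext named in the advisory.
type ioStreamContext struct{ serverID string }
var ErrGlobalCap = errors.New("global stream cap reached")
var ErrServerCap = errors.New("per-server stream cap reached")
var ErrDuplicate = errors.New("stream id already registered")
// StreamRegistry wraps the map that CreateStream otherwise grows without bound.
type StreamRegistry struct {
	mu                   sync.Mutex
	streams              map[string]*ioStreamContext
	perServer            map[string]int // live streams per monitored agent
	globalCap, serverCap int
}
func NewStreamRegistry(globalCap, serverCap int) *StreamRegistry {
	return &StreamRegistry{streams: map[string]*ioStreamContext{},
		perServer: map[string]int{}, globalCap: globalCap, serverCap: serverCap}
}
// CreateStream admits a stream only when both caps have room; a burst fails fast.
func (r *StreamRegistry) CreateStream(id, serverID string) (*ioStreamContext, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	switch {
	case r.streams[id] != nil:
		return nil, ErrDuplicate
	case len(r.streams) >= r.globalCap:
		return nil, ErrGlobalCap
	case r.perServer[serverID] >= r.serverCap:
		return nil, ErrServerCap
	}
	ctx := &ioStreamContext{serverID: serverID}
	r.streams[id] = ctx
	r.perServer[serverID]++
	return ctx, nil
}

// CloseStream releases the slot; without it stale entries would pin the caps.
func (r *StreamRegistry) CloseStream(id string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if ctx, ok := r.streams[id]; ok {
		delete(r.streams, id)
		r.perServer[ctx.serverID]--
	}
}
```

Rejected requests surface as errors the HTTP layer can turn into a 429 or 503 and log, which also gives a simple signal for the flood this advisory describes.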
Evidence notes
CVE-2026-53522 is fixed in version 2.2.0 of Nezha Monitoring. For more information, see the project's GitHub security advisory.
Official resources
- CVE-2026-53522 CVE record (CVE.org)
- CVE-2026-53522 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: CVE-2026-53522 was published on 2026-06-12T22:16:52.377Z.