CVE-2026-49397

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.0 to before version 2.0.14, private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. This issue has been patched in version 2.0.14.

Vulnerability Details

Published Date

June 10, 2026

Last Modified

June 12, 2026

CWE ID

CWE-200

Source

GitHub

Vendor

Product

github.com/nezhahq/nezha

External References

https://github.com/nezhahq/nezha/security/advisories/GHSA-vrmh-5mmx-hjwx
https://github.com/advisories/GHSA-vrmh-5mmx-hjwx

CVE-2026-49397

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment