CVE-2026-53523

CVSS Score & Metrics

Base Score

6.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N                                    

Vulnerability Description

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header. This can result in host header injection. This issue has been patched in version 2.2.0.

Vulnerability Details

Published Date

June 12, 2026

Last Modified

June 12, 2026

CWE ID

CWE-601

Source

NVD

Vendor

nezhahq

Product

nezha

External References

https://github.com/nezhahq/nezha/security/advisories/GHSA-9rc6-8cjv-rcvx

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment