Package impact
GO / github.com/nezhahq/nezha
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46716 | critical | — | 9.5 | 8d ago | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron | |||
| CVE-2026-46717 | high | — | 8.0 | 8d ago | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification | |||
| CVE-2026-47124 | medium | — | 5.5 | 8d ago | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members | |||
| CVE-2026-47120 | medium | — | 5.5 | 8d ago | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check) |