pkg:Go/github.com/nezhahq/nezha

6 CVEs in total: CRITICAL 1, HIGH 2, MEDIUM 3

All known vulnerabilities

  • CRITICAL 9.9 | CVE-2026-46716 | Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron
    >= 1.4.0, < 1.14.15-0.20260517022419-d7526351cf97
  • HIGH 8.5 | CVE-2026-46717 | Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification
    >= 1.4.0, < 1.14.15-0.20260517022419-d06d539d34c1
  • HIGH 7.1 | CVE-2026-48119 | Nezha's authenticated agents can forge service-monitor results for other users' services
    >= 0.20.0, < 1.14.15-0.20260521020202-02129f16fb15
  • MEDIUM 6.5 | CVE-2026-47124 | Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server telemetry to authenticated members
    >= 1.4.0, < 1.14.15-0.20260517034128-05e5da253519
  • MEDIUM 6.4 | CVE-2026-47268 | Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
    >= 0.20.0, < 2.0.10
  • MEDIUM 5.4 | CVE-2026-47120 | Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)
    >= 1.4.0, < 1.14.15-0.20260517022419-d7526351cf97