Vulnerability Report

CVE-2026-46716

RCE

Title: Nezha Monitoring RCE across tenants

RCE

Proof Of Concept

PoC Available for CVE-2026-46716

CWE Category CWE-78

Published Date Jun 12, 2026

Modified Date Jun 15, 2026

Exploit Status Available

Score 9.9 CVSS v3.1

Exploit Probability (EPSS)

0.49%

Vulnerability Summary

CVE-2026-46716: Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user can create a scheduled cron task with Cover=CronCoverAll, Servers=[] and an arbitrary Command. At every tick of the scheduler, the dashboard pushes that command to every server in the global ServerShared map — including servers that belong to other tenants (admin's servers, other members' servers). Each agent runs the command and returns the output, which is then sent to the attacker's own NotificationGroup → attacker-controlled webhook. This issue has been patched in version 2.0.8.

Impacted Vendors

Analysis in Progress...

Reference Links

https://github.com/nezhahq/nezha/security/advisories/GHSA-99gv-2m7h-3hh9

CVSS v3.1

Source Entity [email protected]

Severity CRITICAL

9.9

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-46716 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/HAERIN-L/POC_CVE-2026-46716

View Code

June 15, 2026 MODIFIED

Vulnerability data updated via NVD.

June 15, 2026 MODIFIED

Vulnerability data updated via NVD.

June 12, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Stack

No specific products linked.