ByteOS Network

CVE Vulnerability Details :

CVE-2026-47120

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-12 Jun, 2026 | 21:02

Updated At-12 Jun, 2026 | 21:02

▼CVE Numbering Authority (CNA)

Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check). This issue has been patched in version 2.0.8.

Affected Products

Vendor

nezhahq

Product

nezha

Versions

Affected

>= 1.4.0, < 2.0.8

Problem Types

Type	CWE ID	Description
CWE	CWE-862	CWE-862: Missing Authorization
CWE	CWE-863	CWE-863: Incorrect Authorization

Type: CWE

CWE ID: CWE-862

Description: CWE-862: Missing Authorization

Type: CWE

CWE ID: CWE-863

Description: CWE-863: Incorrect Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

References

Hyperlink	Resource
https://github.com/nezhahq/nezha/security/advisories/GHSA-rxf6-wjh4-jfj6	x_refsource_CONFIRM

Hyperlink: https://github.com/nezhahq/nezha/security/advisories/GHSA-rxf6-wjh4-jfj6

Resource:

x_refsource_CONFIRM

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References