CVE-2026-53521EPSS p13.3%

CVE-2026-53521CVE-2026-53521

Description

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 2.0.14 to before version 2.1.0, PATCH /server/{id} accepts and persists nonexistent ddns_profiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the context of the attacker's server. This issue has been patched in version 2.1.0.

Scoring

CVSS 6.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
EPSS0.23% probability of exploitation · percentile 13.3% · 2026-06-18T12:00:27Z
Last modified2026-06-15
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.