14 matches found
GHSA-4G6J-G789-RGHM Nezha's authenticated agents can forge service-monitor results for other users' services
Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...
Nezha's authenticated agents can forge service-monitor results for other users' services
Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...
Exploit for CVE-2026-46716
CVE-2026-46716 — Nezha Monitoring Cross-Tenant RCE via Cron AP...
GHSA-6X26-5727-RRM9 Nezha's authenticated DDNS webhook configuration allows blind SSRF from the dashboard host
Summary An authenticated Nezha dashboard user can create or update a DDNS profile with provider webhook and configure an arbitrary webhookurl, HTTP method, request body, and headers. When DDNS is triggered for a server that uses that profile, the dashboard process sends the configured request wit...
CVE-2026-47268
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-19 01:15:10+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-6x26-5727-rrm9... |
CVE-2026-47124
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-17 03:49:16+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-hvv7-hfrh-7gxj... |
CVE-2026-47120
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-17 02:58:22+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-rxf6-wjh4-jfj6... |
CVE-2026-46716
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-17 02:58:20+00:00 | published-proof-of-concept | https://github.com/nezhahq/nezha/security/advisories/GHSA-99gv-2m7h-3hh9 |
| 2026-05-30 03:00:04+00:00 | seen | https://t.me/GithubRedTeam/86474 |
| 2026-05-30 07:00:13+00:00 | seen | ... |
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
It's getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they're blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut "hacker stories" now looks more like a mirror of the...
Hackers Abuse Popular Monitoring Tool Nezha as a Stealth Trojan
Cybersecurity firm Ontinue reveals how the open-source tool Nezha is being used as a Remote Access Trojan (RAT) to bypass security and control servers globally...
Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use...
Ubuntu: Security Advisory (USN-6523-1)
The remote host is missing an update for the...
USN-6523-1: u-boot-nezha vulnerability
It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-2347 Nicolas Bidron and Nicolas Guigo discovered that U-Boot...
Ubuntu 22.04 LTS / 23.04 : u-boot-nezha vulnerability (USN-6523-1)
The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6523-1 advisory. It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot t...