CVE-2026-49396
CVE-2026-49396 affects Nezha Monitoring (versions 1.0.0 up to before 2.0.14). A cross-site GET request can trigger stored cron commands on a victim’s agents, enabling an attacker to force execution of an existing cron task via the victim’s authenticated session. The issue has been patched in vers...