CVE-2026-53523
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability in the getRedirectURL function that constructs the OAuth2 callback URL without validating the Host header. This can lead to host header injection.
Risk Assessment
An attacker could exploit this vulnerability to hijack user sessions or redirect them to malicious sites. This poses a serious threat to the application's security and user data.
Recommendation
It is recommended to upgrade Nezha Monitoring to version 2.2.0 or later to mitigate this vulnerability. Additionally, implementing further header validation mechanisms in the application is advisable.
Original NVD description (English source)
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header. This can result in host header injection. This issue has been patched in version 2.2.0.

