CVE Catalog

CVE-2026-53523

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

14th percentile — higher than 14% of all known CVEs

Summary

Nezha Monitoring versions from 1.0.0 to before 2.2.0 have a vulnerability in the getRedirectURL function that constructs the OAuth2 callback URL without validating the Host header. This can lead to host header injection.

Risk Assessment

An attacker could exploit this vulnerability to hijack user sessions or redirect them to malicious sites. This poses a serious threat to the application's security and user data.

Recommendation

It is recommended to upgrade Nezha Monitoring to version 2.2.0 or later to mitigate this vulnerability. Additionally, implementing further header validation mechanisms in the application is advisable.

Original NVD description (English source)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path, with zero validation of the Host header. This can result in host header injection. This issue has been patched in version 2.2.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS