—
GO-2026-5282
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron in github.com/nezhahq/nezha
Details
Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) via POST /api/v1/cron in github.com/nezhahq/nezha
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/nezhahq/nezha
Introduced in:
1.4.0 Fixed in: 1.14.15-0.20260517022419-d7526351cf97 Fix
go get github.com/nezhahq/nezha@v1.14.15-0.20260517022419-d7526351cf97