{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/chronosphere/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Chronosphere Chronocollector \u003c v0.116.0"],"_cs_severities":["medium"],"_cs_tags":["information disclosure","vulnerability","network"],"_cs_type":"advisory","_cs_vendors":["Palo Alto Networks","Chronosphere"],"content_html":"\u003cp\u003eCVE-2026-0239 is an information disclosure vulnerability affecting Chronosphere Chronocollector versions prior to v0.116.0. This vulnerability allows an unauthenticated attacker with network access to the Chronocollector service to retrieve sensitive information. No special configuration is required for a Chronosphere Chronocollector instance to be vulnerable. Palo Alto Networks internally discovered and reported this issue. Successful exploitation could lead to the exposure of sensitive system information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains network access to the Chronosphere Chronocollector service.\u003c/li\u003e\n\u003cli\u003eAttacker sends a specially crafted request to the Chronocollector service.\u003c/li\u003e\n\u003cli\u003eThe Chronocollector service processes the malicious request without proper authorization checks.\u003c/li\u003e\n\u003cli\u003eDue to the information disclosure vulnerability (CVE-2026-0239), the Chronocollector service exposes sensitive information.\u003c/li\u003e\n\u003cli\u003eAttacker receives the sensitive information from the Chronocollector service in the response.\u003c/li\u003e\n\u003cli\u003eAttacker analyzes the disclosed information to identify valuable data.\u003c/li\u003e\n\u003cli\u003eAttacker may use the disclosed information to further compromise the system or network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0239 allows an unauthenticated attacker to retrieve sensitive information from the Chronosphere Chronocollector service. The number of victims is dependent on the number of Chronosphere Chronocollector instances running vulnerable versions. The sectors targeted depend on the organization\u0026rsquo;s using the affected Chronosphere Chronocollector. This could lead to further compromise of the system or network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Chronosphere Chronocollector to version v0.116.0 or later to remediate CVE-2026-0239 (see Solution section).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious network activity indicative of information disclosure attempts against the Chronosphere Chronocollector service.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T16:06:48Z","date_published":"2026-05-13T16:06:48Z","id":"https://feed.craftedsignal.io/briefs/2026-05-chronosphere-info-disclosure/","summary":"CVE-2026-0239 is an information disclosure vulnerability in Chronosphere Chronocollector versions earlier than v0.116.0, allowing an unauthenticated attacker with network access to retrieve sensitive information.","title":"CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-chronosphere-info-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Chronosphere","version":"https://jsonfeed.org/version/1.1"}