Chronosphere — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/chronosphere/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 13 May 2026 16:06:48 +0000CVE-2026-0239 Chronosphere Chronocollector Information Disclosure Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-05-chronosphere-info-disclosure/Wed, 13 May 2026 16:06:48 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-chronosphere-info-disclosure/CVE-2026-0239 is an information disclosure vulnerability in Chronosphere Chronocollector versions earlier than v0.116.0, allowing an unauthenticated attacker with network access to retrieve sensitive information.CVE-2026-0239 is an information disclosure vulnerability affecting Chronosphere Chronocollector versions prior to v0.116.0. This vulnerability allows an unauthenticated attacker with network access to the Chronocollector service to retrieve sensitive information. No special configuration is required for a Chronosphere Chronocollector instance to be vulnerable. Palo Alto Networks internally discovered and reported this issue. Successful exploitation could lead to the exposure of sensitive system information.

Attack Chain

  1. Attacker gains network access to the Chronosphere Chronocollector service.
  2. Attacker sends a specially crafted request to the Chronocollector service.
  3. The Chronocollector service processes the malicious request without proper authorization checks.
  4. Due to the information disclosure vulnerability (CVE-2026-0239), the Chronocollector service exposes sensitive information.
  5. Attacker receives the sensitive information from the Chronocollector service in the response.
  6. Attacker analyzes the disclosed information to identify valuable data.
  7. Attacker may use the disclosed information to further compromise the system or network.

Impact

Successful exploitation of CVE-2026-0239 allows an unauthenticated attacker to retrieve sensitive information from the Chronosphere Chronocollector service. The number of victims is dependent on the number of Chronosphere Chronocollector instances running vulnerable versions. The sectors targeted depend on the organization’s using the affected Chronosphere Chronocollector. This could lead to further compromise of the system or network.

Recommendation

  • Upgrade Chronosphere Chronocollector to version v0.116.0 or later to remediate CVE-2026-0239 (see Solution section).
  • Deploy the Sigma rule to detect suspicious network activity indicative of information disclosure attempts against the Chronosphere Chronocollector service.
]]>mediumadvisoryinformation disclosurevulnerabilitynetwork