CVE Catalog

CVE-2026-0239

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile - higher than 6% of all known CVEs

Summary

An information disclosure vulnerability in Chronosphere Chronocollector allows an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

Risk Assessment

The risk involves potential leakage of confidential organizational data, such as configurations, API keys, or telemetry data, without requiring authentication.

Recommendation

It is recommended to immediately apply patches provided by the vendor and restrict network access to the Chronocollector service to trusted hosts only.

Original NVD description (English source)

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS