CVE-2026-0239
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk6th percentile - higher than 6% of all known CVEs
Summary
An information disclosure vulnerability in Chronosphere Chronocollector allows an unauthenticated attacker with network access to the collector service to retrieve sensitive information.
Risk Assessment
The risk involves potential leakage of confidential organizational data, such as configurations, API keys, or telemetry data, without requiring authentication.
Recommendation
It is recommended to immediately apply patches provided by the vendor and restrict network access to the Chronocollector service to trusted hosts only.
Original NVD description (English source)
An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

