CVE-2026-0239

Description

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

CVSS breakdown

CVSS 4.0

Attack Vector

Adjacent

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

None

Availability (Vulnerable System)

None

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Unchanged

None

Unchanged

Changed

Amber

Affected products

Palo Alto Networks / Chronosphere Chronocollector0.0.0 – v0.116.0

References

MISChttps://security.paloaltonetworks.com/CVE-2026-0239