Information Disclosure in Chronosphere Chronocollector Affects Network Security
CVE-2026-0239

4.9MEDIUM

Key Information:

Vendor: Palo Alto Networks
Status: Chronosphere Chronocollector
Vendor: CVE Published:; 13 May 2026

🔔 Create Palo Alto Networks Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2026-0239?

The Chronosphere Chronocollector is prone to an information disclosure vulnerability that allows unauthenticated attackers with network access to the collector service to access sensitive data. This exposure could lead to unauthorized information retrieval, posing significant risks to organizational security and integrity. It is crucial for users to implement the latest security updates to mitigate potential threats.

Affected Version(s)

Chronosphere Chronocollector 0.0.0

References

https://security.paloaltonetworks.com/CVE-2026-0239

vendor-advisory

CVSS V4

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 13, 2026
Vulnerability published
May 13, 2026
Vulnerability Reserved
Nov 3, 2025

Credit

Palo Alto Networks thanks our internal security research teams for discovering and reporting this issue.

CVE-2026-0239 Data

JSON