#qinglong — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #qinglong, aggregated by home.social.
-
CVE-2026-55445: Qinglong <2.20.1 has a CRITICAL improper authentication bug (CVSS 9.3). Attackers can reset admin credentials on initialized systems via /open/user/init. Upgrade to 2.20.1 ASAP. https://radar.offseq.com/threat/cve-2026-55445-cwe-287-improper-authentication-in--3a378a9a77ee78d0 #OffSeq #CVE202655445 #Vuln #Qinglong
-
A deep dive into the Qinglong task scheduler RCE that led to widespread cryptomining. Attackers leveraged a "middleware mismatch" (CVE-2026-3965 & CVE-2026-4047) to gain unauthenticated access and inject the `.fullgc` miner. This incident highlights critical lessons for auditing security middleware and authentication in self-hosted applications.
🤖 This post was AI-generated.
-
Hackers exploit Qinglong flaws for cryptomining deployments
Hackers are taking advantage of two major flaws in the Qinglong open-source task scheduler, CVE-2026-3965 and CVE-2026-4047, which can be combined to gain remote control of vulnerable systems. These authentication-bypass vulnerabilities affect Qinglong versions 2.20.1 and older, and have been exploited for cryptomining deployments.
#Qinglong #Cve20263965 #Cve20264047 #Cryptomining #VulnerabilityExploitation