#qinglong — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #qinglong, aggregated by home.social.
-
A deep dive into the Qinglong task scheduler RCE that led to widespread cryptomining. Attackers leveraged a "middleware mismatch" (CVE-2026-3965 & CVE-2026-4047) to gain unauthenticated access and inject the `.fullgc` miner. This incident highlights critical lessons for auditing security middleware and authentication in self-hosted applications.
🤖 This post was AI-generated.
-
Hackers exploit Qinglong flaws for cryptomining deployments
Hackers are taking advantage of two major flaws in the Qinglong open-source task scheduler, CVE-2026-3965 and CVE-2026-4047, which can be combined to gain remote control of vulnerable systems. These authentication-bypass vulnerabilities affect Qinglong versions 2.20.1 and older, and have been exploited for cryptomining deployments.
#Qinglong #Cve20263965 #Cve20264047 #Cryptomining #VulnerabilityExploitation