Skip to main content

Chronosphere Chronocollector EUVDEUVD-2026-30091

| CVE-2026-0239 MEDIUM
Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497)
2026-05-13 palo_alto GHSA-3544-2m8c-rh83
4.9
CVSS 4.0 · Vendor: palo_alto
Share

Severity by source

Vendor (palo_alto) PRIMARY
4.9 MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber

Primary rating from Vendor (palo_alto) · only source for this CVE.

CVSS VectorVendor: palo_alto

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:M/U:Amber
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 10:40 vuln.today
CVSS changed
May 13, 2026 - 19:22 NVD
4.9 (MEDIUM)
CVE Published
May 13, 2026 - 18:27 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

AnalysisAI

Unauthenticated information disclosure in Palo Alto Networks' Chronosphere Chronocollector exposes sensitive data to any attacker with adjacent network access to the collector service endpoint. All versions from 0.0.0 up to v0.116.0 are affected, with the fix released in v0.116.0. No public exploit code has been identified at time of analysis and CISA has not added this to the KEV catalog, but the CVSS 4.0 Value Density modifier of 'Concentrated' (V:C) suggests the data at risk may include high-value material such as credentials or configuration secrets.

Technical ContextAI

Chronosphere Chronocollector is a metrics and observability data collection agent (CPE: cpe:2.3:a:palo_alto_networks:chronosphere_chronocollector:*:*:*:*:*:*:*:*) used in cloud-native monitoring infrastructure. The root cause is classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), meaning the service exposes internal system or application data through an interface that should not surface it - typically via an API endpoint, debug route, or metadata service that lacks authentication enforcement. The CVSS 4.0 vector confirms no authentication (PR:N) and no user interaction (UI:N) are required, and the attack vector is Adjacent (AV:A), meaning the attacker must be on the same network segment, broadcast domain, or directly connected subnet - not reachable over the open internet without prior network access.

RemediationAI

Upgrade Chronosphere Chronocollector to version v0.116.0 or later, which resolves this vulnerability per the EUVD affected version range. The vendor advisory at https://security.paloaltonetworks.com/CVE-2026-0239 should be consulted for any additional deployment guidance. If immediate patching is not feasible, implement network-layer access controls to restrict which hosts or subnets can reach the Chronocollector service port - because the attack vector is Adjacent (AV:A), enforcing strict network segmentation (e.g., dedicated monitoring VLANs with ACLs) would prevent exploitation by blocking access from untrusted adjacent segments. Be aware that overly restrictive ACLs on the collector port could interrupt metrics ingestion pipelines, so changes should be validated in a staging environment. Host-based firewall rules on the collector host are a secondary option with less operational disruption.

Share

EUVD-2026-30091 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy