Vulnerability in Palo Alto Networks Chronosphere Chronocollector

CVE-2026-0239

An information disclosure vulnerability in the Chronosphere Chronocollector enables an unauthenticated attacker with network access to the collector service to retrieve sensitive information.

EPSS: 0.000 (8.7th percentile) — read the EPSS interpretation.

Affected products

Palo Alto Networks Chronosphere Chronocollector — versions 0.0.0

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

psirt@paloaltonetworks.com (vendor-advisory)