A serious security threat has emerged around Qinglong, an open-source task automation platform widely used by developers. Two critical vulnerabilities are now being actively exploited by attackers to gain unauthorized access and deploy cryptomining malware on exposed servers. These flaws, identified as CVE-2026-3965 and CVE-2026-4047, impact all versions up to 2.20.1 and have raised significant concerns within the cybersecurity community.

The vulnerabilities were discovered by researchers at Snyk, who found that both issues stem from inconsistencies between authentication checks and routing behavior in the platform. In simple terms, the system fails to properly verify whether a user is authorized before allowing access to sensitive administrative functions, making it easier for attackers to bypass protections entirely.

One of the flaws allows attackers to manipulate URL paths to access restricted API endpoints without authentication. By sending a specially crafted request, an attacker can reset admin credentials and take full control of the system. The second vulnerability is even more dangerous, as it enables direct remote code execution by exploiting case sensitivity mismatches in request handling. This means attackers can execute commands on the server without needing any login credentials at all.

What makes the situation more alarming is that exploitation began weeks before the vulnerabilities were publicly disclosed. Since early February 2026, attackers have been using these weaknesses to install cryptomining malware on compromised systems. The malware is cleverly disguised as a legitimate system process using the name “.fullgc,” mimicking a common Java memory management operation to avoid detection. Once active, it consumes system resources aggressively, often driving CPU usage to near 100 percent.

These attacks have affected servers hosted in cloud environments as well, including instances flagged by Alibaba Cloud for suspicious activity. Even systems protected behind reverse proxies and SSL configurations have not been immune, showing how easily these vulnerabilities can be exploited when the core authentication logic is flawed.

The maintainers of Qinglong have acknowledged the issue and released a patch that addresses the root cause by fixing how authentication is handled at the middleware level. Users are strongly advised to update to the latest version immediately and inspect their systems for signs of compromise, particularly the presence of unusual files or processes linked to the attack.

This incident highlights a broader security lesson: when authentication systems and application routing do not align properly, it creates dangerous gaps that attackers can exploit with minimal effort. As more organizations rely on automation tools and self-hosted platforms, ensuring consistent and secure access controls is becoming increasingly critical.
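The gap described above, an auth gate and a router that read the same URL path differently, is easiest to see in code. The following is an added illustration written for this article, not Qinglong's own code; the protected prefixes and endpoint names are hypothetical. It shows a naive gate that compares the raw path string beside a hardened gate that canonicalises the path (percent-decoding, collapsing slashes, resolving dot segments, case-folding) before deciding whether authentication is required, and that fails closed when canonicalisation is impossible.

```javascript
// Added example (not Qinglong's code). Prefixes and paths are hypothetical.
const PROTECTED_PREFIXES = ['/api/admin', '/api/system'];

// Canonicalise the path the way a router effectively would before matching:
// strip the query, percent-decode, drop empty and "." segments, resolve "..",
// and case-fold. Returns null when the encoding is malformed.
function canonicalPath(rawPath) {
  let p = rawPath.split('?')[0];
  try {
    p = decodeURIComponent(p);
  } catch {
    return null; // malformed percent-encoding: caller must fail closed
  }
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }
    out.push(seg.toLowerCase());
  }
  return '/' + out.join('/');
}

// Naive gate: a plain prefix test on the raw string. Any case, encoding or
// slash variant of a protected path is classified as "not protected", while
// a case-insensitive or normalising router still dispatches it to the admin
// handler. That disagreement is the class of flaw the article describes.
function naiveRequiresAuth(rawPath) {
  return PROTECTED_PREFIXES.some((prefix) => rawPath.startsWith(prefix));
}

// Hardened gate: decide on the canonical form, match on segment boundaries,
// and treat an un-canonicalisable path as protected.
function hardenedRequiresAuth(rawPath) {
  const p = canonicalPath(rawPath);
  if (p === null) return true;
  return PROTECTED_PREFIXES.some(
    (prefix) => p === prefix || p.startsWith(prefix + '/')
  );
}

// Middleware-style decision: 401 when auth is required and absent, else pass.
function gateDecision(rawPath, hasValidSession) {
  if (hardenedRequiresAuth(rawPath) && !hasValidSession) return 401;
  return 'pass';
}

module.exports = { canonicalPath, naiveRequiresAuth, hardenedRequiresAuth, gateDecision };
```

The fix the maintainers describe, moving the check to the middleware level, is the same idea: one canonical interpretation of the path, applied before any route handler can run.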
