THREATOPS
THREAT OPSThreat News › Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining

Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining

lowsnykPublished 2026-04-27

Two authentication bypass vulnerabilities (CVE-2026-3965, CVE-2026-4047) in the Qinglong task scheduling panel were exploited in the wild to deploy cryptomining malware. Here's what happened, how the attacks worked, and what self-hosted application operators should learn from this incident.

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://snyk.io/blog/qinglong-task-scheduler-rce-vulnerabilities/