Two authentication bypass vulnerabilities (CVE-2026-3965, CVE-2026-4047) in the Qinglong task scheduling panel were exploited in the wild to deploy cryptomining malware. Here's what happened, how the attacks worked, and what self-hosted application operators should learn from this incident.
Qinglong task scheduler
Malware
CVE-2026-3965
Snyk Blog
Refer to CVE-2026-3965 NVD advisory