Threat actors have been actively exploiting two critical authentication bypass vulnerabilities in Qinglong, a widely used open-source task scheduling platform, to deploy cryptomining malware on exposed servers since early February 2026. Discovered and disclosed by Snyk researchers, the flaws affect all versions up to and including 2.20.1 and are now tracked as CVE-2026-3965 and CVE-2026-4047. Qinglong refers to a self-hosted task […] The post Qinglong Vulnerabilities Enable RCE, Exploited in Attacks appeared first on Cyber Security News.