Platform
linux
Component
cronicle
Fixed in
0.9.112
CVE-2026-39401 affects Cronicle, a multi-server task scheduler and runner. This vulnerability allows a low-privilege user to escalate their privileges by modifying event configurations, potentially altering webhook URLs and notification emails. The issue impacts versions 0.9.0 through 0.9.10, and a fix is available in version 0.9.111.
CVE-2026-39401 in Cronicle allows low-privilege users to modify any event's configuration, including webhook URLs and notification emails. Prior to version 0.9.111, the server directly applies updates to the parent event's stored configuration without authorization checks when a 'jb' child process includes an 'update_event' key in its JSON output. An attacker could exploit this to redirect notifications, intercept data, or even execute malicious code through compromised webhooks. The severity stems from the potential to compromise the integrity and confidentiality of data processed by Cronicle, and potentially the system's availability.
An attacker with the ability to create and run events in Cronicle can exploit this vulnerability. The attacker would create an event and, in the 'jb' child process's JSON output, include an 'update_event' key with the desired parameters to modify the parent event. Due to the lack of authorization checks, the server would directly apply these modifications. The ease of exploitation lies in the simplicity of JSON manipulation and the absence of proper access controls. The likelihood of exploitation is high if low-privilege users have the capability to create and run events.
Exploit Status
EPSS
0.04% (13% percentile)
CISA SSVC
The fix for this vulnerability is to upgrade Cronicle to version 0.9.111 or later. This version introduces an authorization check to prevent unauthorized modification of event configurations. It is strongly recommended to apply this update as soon as possible to mitigate the risk of exploitation. Additionally, review existing event configurations to ensure they haven't been maliciously modified prior to the update. Monitoring Cronicle logs for suspicious activity can also help detect and respond to potential attacks. Implementing the principle of least privilege for Cronicle users is a general security best practice.
Actualice Cronicle a la versión 0.9.111 o posterior para mitigar la vulnerabilidad. Esta actualización corrige la falta de autorización en la aplicación de actualizaciones de eventos, previniendo la escalada de privilegios.
Vulnerability analysis and critical alerts directly to your inbox.
Cronicle is a multi-server task scheduler and runner with a web-based front-end UI.
Version 0.9.111 fixes the CVE-2026-39401 vulnerability, which allows unauthorized users to modify event configurations.
If you can't upgrade immediately, consider restricting access to event creation and execution to trusted users.
Review Cronicle logs for unexpected modifications to event configurations, especially webhook URLs and notification email addresses.
Currently, there are no specific tools, but a manual audit of event configurations is the best approach.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.