CVE-2026-3965

High PUBLISHED

whyour qinglong API express.ts protection mechanism

whyour · qinglong

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
5.3 Medium

At a Glance

A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the argument command leads to protection mechanism failure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.20.2 is able to address this issue. The identifier of the patch is 6bec52dca158481258315ba0fc2f11206df7b719. It is advisable to upgrade the affected component. The code maintainer was informed beforehand about the issues. He reacted very fast and highly professional.

CVE Published
Mar 11, 2026
Exploitation Reported
Apr 10, 2026
CVSS
5.3 Medium
EPSS
Remote Low complexity No user interaction

Affected Versions

Vendor Product Version Status
whyour
qinglong

2.20.0

Affected
whyour
qinglong

2.20.1

Affected
whyour
qinglong

2.20.2

Unaffected

CVE References

Show 4 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.