Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining

In February 2026, Qinglong, a popular open-source task management platform mainly used by Chinese developers, was exploited for cryptomining due to two authentication bypass vulnerabilities, allowing attackers to run unauthorized code on users' servers. These vulnerabilities, which included issues with URL rewriting and case-sensitive path matching, were formally reported on February 27, 2026. However, users had noticed unusual CPU spikes weeks earlier due to the .fullgc cryptominer, which was injected into Qinglong's configuration files to run persistently in the background. The vulnerabilities were addressed by prioritizing fixes to the authentication layer, emphasizing the importance of addressing root causes over merely blocking attack payloads. This incident underscores the necessity of rigorous security practices for self-hosted applications, such as monitoring for unusual resource usage, ensuring effective authentication, and maintaining up-to-date software to mitigate potential vulnerabilities.