CVE-2026-5373
Received - Intake
Improper Privilege Management in runZero Allows Superuser Escalation

Publication date: 2026-04-07

Last updated on: 2026-04-21

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.
Meta Information
Published: 2026-04-07
Last Modified: 2026-04-21
Generated: 2026-05-07
AI Q&A: 2026-04-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: runzero
Product: runzero_platform
Version / Range: to 4.0.260202.0 (exc)
CWE
CWE ID: CWE-269
Description: The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability involves improper privilege management that allows escalation to superuser status, which could lead to unauthorized access and persistent control over sensitive systems.

Such unauthorized privilege escalation can impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data to prevent unauthorized disclosure or modification.

By enabling attackers to maintain persistent superuser access, this vulnerability could increase the risk of data breaches or misuse, thereby potentially violating regulatory requirements related to data confidentiality and integrity.


Can you explain this vulnerability to me?

CVE-2026-5373 is a high-severity vulnerability in the runZero Platform that allowed all-organization administrators to escalate privileges by promoting accounts to superuser status.

This issue is classified under CWE-269: Improper Privilege Management, meaning that the system did not properly restrict privilege escalation.

An attacker with all-organization administrator rights could exploit this flaw to create backup superuser accounts, ensuring persistent access even if discovered during an incident.

The vulnerability was identified during an internal security review and fixed in version 4.0.260202.0 of the runZero Platform.


How can this vulnerability impact me?

This vulnerability can have a significant impact by allowing an attacker with all-organization administrator privileges to escalate their access to superuser status.

Such privilege escalation can lead to unauthorized creation of superuser accounts, which can maintain persistent and high-level access to the system.

This persistent access could be used to manipulate, steal, or destroy sensitive data, severely compromising the confidentiality and integrity of the system.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves improper privilege management allowing all-organization administrators to promote accounts to superuser status. Detection would involve auditing user account privileges and checking for unauthorized superuser accounts created by all-organization administrators.

Since the vulnerability is specific to the runZero Platform prior to version 4.0.260202.0, verifying the platform version is a key step.

  • Check the runZero Platform version to ensure it is 4.0.260202.0 or later.
  • Audit user accounts with superuser privileges to detect any unexpected or unauthorized accounts.
  • Review logs or audit trails for any privilege escalation activities performed by all-organization administrators.

Specific commands or tools are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The primary mitigation step is to upgrade the runZero Platform to version 4.0.260202.0 or later, where this vulnerability has been fixed.

Additionally, review and restrict the privileges of all-organization administrators to prevent unauthorized privilege escalation.

Audit existing superuser accounts to identify and remove any unauthorized accounts created through this vulnerability.

Implement monitoring and alerting for privilege escalation activities to detect any attempts to exploit this issue.

