CVE-2026-5375
Sensitive Data Exposure via API in runZero Platform
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | all versions before 4.0.260203.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5375 is a vulnerability in the runZero Platform API that allowed a user with access to a specific integration credential to view sensitive fields in the API response that are normally not visible through the user interface.
This is an example of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, meaning sensitive information was exposed beyond intended access controls.
The vulnerability requires a user with high privileges (PR:H) but no user interaction, and it results in limited confidentiality impact without affecting integrity or availability.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker who already has legitimate access to certain credentials to gain additional sensitive information about the internal workings of the organization.
This additional exposure of sensitive credential data could increase the risk of further attacks or misuse of information within the organization.
However, the impact is limited to confidentiality and does not affect the integrity or availability of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authorized user with access to a specific integration credential being able to view sensitive fields in the runZero Platform API response beyond what is normally visible. Detection would require verifying if API responses expose sensitive credential information that should not be accessible.
Since the vulnerability requires high privileges and access to specific credentials, detection commands would focus on monitoring API calls and responses for unauthorized exposure of sensitive fields.
- Use API request logging to capture and review responses for sensitive credential fields.
- Run queries or scripts that simulate authorized user API calls to check if sensitive fields are exposed beyond the user interface.
- Monitor access logs for unusual or excessive API requests from users with high privileges.
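The first bullet above, scanning logged API responses for credential fields that should have been masked, can be automated. The following is an added example and not runZero's code: it walks JSON-encoded API responses that a gateway or proxy has logged and reports every field whose name looks like a secret but whose value is not redacted. The endpoint paths, field names and log layout are constructed placeholders, not runZero identifiers; the key-name pattern and the set of "masked" values are assumptions to tune to the schema you actually log.

```python
"""Scan captured API response logs for unredacted credential fields.

Added example (not runZero's code). Field names, endpoints and log lines
are constructed placeholders; the log layout is an assumption about what
an API gateway records.
"""
import json
import re
from typing import Any, Iterator

# Key names that usually hold secrets (assumption; tune to the real schema).
SENSITIVE_KEY = re.compile(
    r"(secret|token|password|passwd|private_key|api_key|client_secret)",
    re.IGNORECASE,
)

# Values an API is expected to return when a field is properly masked.
MASKED_VALUES = {"", "***", "[REDACTED]", "********"}


def is_masked(value: Any) -> bool:
    """True when the value is absent, empty or an obvious placeholder."""
    if value is None:
        return True
    if isinstance(value, str):
        v = value.strip()
        return v in MASKED_VALUES or set(v) <= {"*", "x", "X"}
    return False


def walk(obj: Any, path: str = "$") -> Iterator[tuple[str, Any]]:
    """Yield (json_path, value) for every leaf in a nested JSON value."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def exposed_fields(body: Any) -> list[str]:
    """Return paths of sensitive-looking fields whose value is not masked."""
    hits = []
    for path, value in walk(body):
        leaf = path.rsplit(".", 1)[-1]
        if SENSITIVE_KEY.search(leaf) and not is_masked(value):
            hits.append(path)
    return hits


def scan_log(lines) -> list[dict]:
    """Parse JSON-lines records and return one finding per leaking response.

    Each record is assumed to carry "user", "method", "path" and a parsed
    "response" body; malformed lines are skipped so one bad record does not
    abort a sweep over a large log.
    """
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        paths = exposed_fields(rec.get("response"))
        if paths:
            findings.append({
                "user": rec.get("user"),
                "request": f'{rec.get("method")} {rec.get("path")}',
                "fields": paths,
            })
    return findings


# Constructed sample records: one properly masked response, one leaking a
# nested credential field through the API.
SAMPLE_LOG = [
    '{"user":"alice","method":"GET","path":"/api/v1/credentials/1",'
    ' "response":{"id":1,"name":"cloud-sync","client_secret":"***"}}',
    '{"user":"bob","method":"GET","path":"/api/v1/credentials/2",'
    ' "response":{"id":2,"name":"ldap-sync",'
    ' "config":{"bind_password":"hunter2","url":"ldap://example"}}}',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run it against a real export by replacing `SAMPLE_LOG` with the lines of your gateway's response log; a finding lists the user, the request and the JSON paths that carried an unmasked value, which is exactly the evidence needed to confirm whether a pre-fix deployment exposed credential material and to whom.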
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves exposure of sensitive information to an unauthorized actor with high privileges, which could potentially lead to unauthorized access to sensitive data.
Such exposure of sensitive information may have implications for compliance with data protection standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.
However, the vulnerability requires high privileges and does not affect integrity or availability, and it was fixed in a timely manner in version 4.0.260203.0 of the runZero Platform.
No explicit information about direct compliance impact or regulatory violations is provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed in version 4.0.260203.0 of the runZero Platform. The immediate mitigation step is to upgrade the runZero Platform to version 4.0.260203.0 or later.
Additionally, restrict access to integration credentials to only trusted users with a need for such access, as the vulnerability requires high privileges.
Review and audit API access permissions and monitor API usage to detect any unauthorized attempts to access sensitive information.