Executive Summary

CVE-2026-5375 is a vulnerability in the runZero Platform API that allowed a user with access to a specific integration credential to view sensitive fields in the API response that are normally not visible through the user interface.

This is an example of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, meaning sensitive information was exposed beyond intended access controls.

The vulnerability requires a user with high privileges (PR:H) but no user interaction, and it results in limited confidentiality impact without affecting integrity or availability.

Useful 0 Not Useful 0

Impact Analysis

If exploited, this vulnerability could allow an attacker who already has legitimate access to certain credentials to gain additional sensitive information about the internal workings of the organization.

This additional exposure of sensitive credential data could increase the risk of further attacks or misuse of information within the organization.

However, the impact is limited to confidentiality and does not affect the integrity or availability of the system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves an authorized user with access to a specific integration credential being able to view sensitive fields in the runZero Platform API response beyond what is normally visible. Detection would require verifying if API responses expose sensitive credential information that should not be accessible.

Since the vulnerability requires high privileges and access to specific credentials, detection commands would focus on monitoring API calls and responses for unauthorized exposure of sensitive fields.

• Use API request logging to capture and review responses for sensitive credential fields.
• Run queries or scripts that simulate authorized user API calls to check if sensitive fields are exposed beyond the user interface.
• Monitor access logs for unusual or excessive API requests from users with high privileges.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability was fixed in version 4.0.260203.0 of the runZero Platform. The immediate mitigation step is to upgrade the runZero Platform to version 4.0.260203.0 or later.

Additionally, restrict access to integration credentials to only trusted users with a need for such access, as the vulnerability requires high privileges.

Review and audit API access permissions and monitor API usage to detect any unauthorized attempts to access sensitive information.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability involves exposure of sensitive information to an unauthorized actor with high privileges, which could potentially lead to unauthorized access to sensitive data.

Such exposure of sensitive information may have implications for compliance with data protection standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

However, the vulnerability requires high privileges and does not affect integrity or availability, and it was fixed in a timely manner in version 4.0.260203.0 of the runZero Platform.

No explicit information about direct compliance impact or regulatory violations is provided in the available resources.

Useful 0 Not Useful 0