CVE-2026-5378
Received Received - Intake

Incorrect Authorization in runZero Platform Allows Cross-Org User Modification

Vulnerability report for CVE-2026-5378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-07

Last updated on: 2026-04-21

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N (5.8 Medium). This issue was fixed in version 4.0.260203.0 of the runZero Platform.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-07
Last Modified
2026-04-21
Generated
2026-07-06
AI Q&A
2026-04-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
runzero runzero_platform to 4.0.260203.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5378 is a vulnerability in the runZero Platform that allowed administrators to create and update user accounts outside of their authorized organizational scope. This means that an administrator could manage users in organizations they were not supposed to have access to, which is an example of incorrect authorization (CWE-863).

The flaw enabled an attacker with administrative privileges to insert new user accounts within a targeted organization, potentially establishing a persistent access point to gather internal organizational information.

This issue was fixed in version 4.0.260203.0 of the runZero Platform.

Impact Analysis

This vulnerability can impact you by allowing an attacker with administrative privileges to create or update user accounts outside their authorized organization, which can lead to unauthorized persistent access within your organization.

Such unauthorized access could be used to gather internal organizational information, potentially compromising the integrity of your systems and data.

Detection Guidance

This vulnerability involves unauthorized creation and updating of user accounts outside an administrator's authorized organizational scope in the runZero Platform.

Detection would require monitoring administrative actions related to user account management, especially looking for user creation or updates that occur outside expected organizational boundaries.

However, no specific detection commands or network signatures are provided in the available information.

Mitigation Strategies

The vulnerability was fixed in version 4.0.260203.0 of the runZero Platform.

Immediate mitigation steps include updating the runZero Platform to version 4.0.260203.0 or later to apply the fix.

Additionally, review and enforce strict authorization controls to ensure administrators cannot create or update users outside their authorized organizational scope.

Compliance Impact

The vulnerability allowed administrators to create and update users outside of their authorized organizational scope, which could lead to unauthorized persistent access within an organization.

Such unauthorized access and incorrect authorization controls may increase the risk of non-compliance with standards and regulations that require strict access controls and user management, such as GDPR and HIPAA.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart