CVE-2026-5378
Incorrect Authorization in runZero Platform Allows Cross-Org User Modification
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | all versions before 4.0.260203.0 (upper bound exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5378 is a vulnerability in the runZero Platform that allowed administrators to create and update user accounts outside of their authorized organizational scope. This means that an administrator could manage users in organizations they were not supposed to have access to, which is an example of incorrect authorization (CWE-863).
The flaw enabled an attacker with administrative privileges to insert new user accounts within a targeted organization, potentially establishing a persistent access point to gather internal organizational information.
This issue was fixed in version 4.0.260203.0 of the runZero Platform.
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker with administrative privileges to create or update user accounts outside their authorized organization, which can lead to unauthorized persistent access within your organization.
Such unauthorized access could be used to gather internal organizational information, potentially compromising the integrity of your systems and data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an authorization flaw in the runZero Platform: an administrator could create or update user accounts in organizations outside their authorized scope.
The simplest check is to confirm the deployed runZero Platform version; anything earlier than 4.0.260203.0 is affected. Beyond that, detection means reviewing administrative audit activity for user-creation or user-update events whose target organization does not match the acting administrator's assigned organizations, and treating any such event as a possible unauthorized account insertion.
No specific detection commands, log queries or network signatures are provided in the available information; the check has to be built on your own audit and role data.
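The following is an added example of the audit review described above, not runZero code and not derived from any runZero log format. The audit event shape (JSON lines with `actor`, `action`, `target_org`, `target_user`) and the `ADMIN_SCOPE` mapping are assumptions constructed for the illustration; map your platform's real audit fields and role export onto them before use.

```python
"""Flag user-management events whose target organization lies outside the
acting administrator's scope (the CVE-2026-5378 / CWE-863 pattern).

Added example. NOT runZero code: the event fields and the scope table are
ASSUMED, constructed shapes used only to show the detection logic.
"""
import json
from typing import Dict, Iterable, List, Set

# ASSUMPTION (constructed): which organizations each admin may manage.
# In practice this comes from your own IAM/role export, not from the audit log.
ADMIN_SCOPE: Dict[str, Set[str]] = {
    "alice@example.com": {"org-sales", "org-support"},
    "bob@example.com": {"org-eng"},
}

# ASSUMPTION (constructed): action names that create or modify accounts.
USER_MGMT_ACTIONS = {"user.create", "user.update"}

# Constructed sample audit lines, one JSON object per line. Not real output.
SAMPLE_LOG = """\
{"ts": "2026-04-01T10:00:00Z", "actor": "alice@example.com", "action": "user.create", "target_org": "org-sales", "target_user": "carol@example.com"}
{"ts": "2026-04-01T10:05:00Z", "actor": "bob@example.com", "action": "user.update", "target_org": "org-eng", "target_user": "dave@example.com"}
{"ts": "2026-04-01T10:07:00Z", "actor": "bob@example.com", "action": "user.create", "target_org": "org-sales", "target_user": "mallory@example.com"}
{"ts": "2026-04-01T10:09:00Z", "actor": "alice@example.com", "action": "asset.scan", "target_org": "org-eng"}
{"ts": "2026-04-01T10:11:00Z", "actor": "eve@example.com", "action": "user.update", "target_org": "org-eng", "target_user": "dave@example.com"}
"""


def parse_events(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-lines audit input; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_cross_org_changes(events: List[dict],
                           scope: Dict[str, Set[str]] = ADMIN_SCOPE) -> List[dict]:
    """Return user create/update events whose target org is outside the
    actor's allowed set. An actor missing from the scope table is treated as
    unauthorized for every org: an unknown account doing user management is
    exactly the case worth surfacing."""
    findings = []
    for ev in events:
        if ev.get("action") not in USER_MGMT_ACTIONS:
            continue
        allowed = scope.get(ev.get("actor"), set())
        if ev.get("target_org") not in allowed:
            findings.append(ev)
    return findings


if __name__ == "__main__":
    for hit in find_cross_org_changes(parse_events(SAMPLE_LOG.splitlines())):
        print(f"{hit['ts']} {hit['actor']} {hit['action']} -> "
              f"{hit['target_org']} ({hit.get('target_user')})")
```

Against the constructed sample, two events are flagged: bob creating an account in org-sales while scoped only to org-eng, and eve, who has no scope entry at all, updating a user in org-eng. A hit on a pre-4.0.260203.0 deployment is a lead for incident response, not proof of compromise; confirm against the role assignments in force at the time of the event.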
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed in version 4.0.260203.0 of the runZero Platform.
Immediate mitigation steps include updating the runZero Platform to version 4.0.260203.0 or later to apply the fix.
Additionally, review and enforce strict authorization controls to ensure administrators cannot create or update users outside their authorized organizational scope.
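To make the "strict authorization controls" point concrete, here is an added example of the authorization check behind a user create/update operation, shown first with the CWE-863 flaw (role checked, organization scope not checked) and then hardened. This is illustrative code, not runZero's implementation; the `Admin`, `UserRecord` and `UserStore` names and the data model are assumptions constructed for the example.

```python
"""Vulnerable-versus-hardened authorization for cross-organization user
management (CWE-863: incorrect authorization).

Added example. NOT runZero code: the data model below is an ASSUMED,
simplified stand-in for a multi-organization platform.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


class Forbidden(Exception):
    """Raised when an actor is not authorized for the requested operation."""


@dataclass
class Admin:
    email: str
    is_admin: bool
    # Organizations this administrator is allowed to manage (server-side
    # membership data, never taken from the request).
    org_ids: Set[str] = field(default_factory=set)


@dataclass
class UserRecord:
    email: str
    org_id: str


class UserStore:
    def __init__(self) -> None:
        self.users: Dict[Tuple[str, str], UserRecord] = {}

    def upsert_vulnerable(self, actor: Admin, target_org: str, email: str) -> UserRecord:
        """Flawed check: verifies the admin role but never asks which
        organizations the role applies to. target_org comes from the
        request, so any administrator can plant or modify a user in any org."""
        if not actor.is_admin:
            raise Forbidden("admin role required")
        rec = UserRecord(email, target_org)
        self.users[(target_org, email)] = rec
        return rec

    def upsert_hardened(self, actor: Admin, target_org: str, email: str) -> UserRecord:
        """Correct check: role AND scope. The request-supplied organization is
        treated as untrusted input and compared against the actor's
        server-side organization membership before any write happens."""
        if not actor.is_admin:
            raise Forbidden("admin role required")
        if target_org not in actor.org_ids:
            raise Forbidden(f"{actor.email} is not an administrator of {target_org}")
        rec = UserRecord(email, target_org)
        self.users[(target_org, email)] = rec
        return rec


def is_denied(method, actor: Admin, target_org: str, email: str) -> bool:
    """True if the given upsert method rejects the request with Forbidden."""
    try:
        method(actor, target_org, email)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    store = UserStore()
    bob = Admin("bob@example.com", is_admin=True, org_ids={"org-eng"})
    # Cross-org insertion: accepted by the flawed check, refused by the fix.
    print("vulnerable denies cross-org:", is_denied(store.upsert_vulnerable, bob, "org-sales", "mallory@example.com"))
    print("hardened denies cross-org:", is_denied(store.upsert_hardened, bob, "org-sales", "mallory@example.com"))
    # In-scope management still works after the fix.
    print("hardened denies in-scope:", is_denied(store.upsert_hardened, bob, "org-eng", "dave@example.com"))
```

The design point is that the scope check keys on the organization named in the request, not on any organization the actor happens to be viewing, and that it runs before the write. Applying the same rule to update paths matters as much as create paths, since the advisory covers both.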
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allowed administrators to create and update users outside of their authorized organizational scope, which could lead to unauthorized persistent access within an organization.
Such unauthorized access and incorrect authorization controls may increase the risk of non-compliance with standards and regulations that require strict access controls and user management, such as GDPR and HIPAA.
However, the provided information does not explicitly state the direct impact on compliance with these regulations.