CVE-2026-5378
Received Received - Intake
Incorrect Authorization in runZero Platform Allows Cross-Org User Modification

Publication date: 2026-04-07

Last updated on: 2026-04-21

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description
An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N (5.8 Medium). This issue was fixed in version 4.0.260203.0 of the runZero Platform.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5378
EUVD
EUVD-2026-19694
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
runzero runzero_platform to 4.0.260203.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5378 is a vulnerability in the runZero Platform that allowed administrators to create and update user accounts outside of their authorized organizational scope. This means that an administrator could manage users in organizations they were not supposed to have access to, which is an example of incorrect authorization (CWE-863).

The flaw enabled an attacker with administrative privileges to insert new user accounts within a targeted organization, potentially establishing a persistent access point to gather internal organizational information.

This issue was fixed in version 4.0.260203.0 of the runZero Platform.

Impact Analysis

This vulnerability can impact you by allowing an attacker with administrative privileges to create or update user accounts outside their authorized organization, which can lead to unauthorized persistent access within your organization.

Such unauthorized access could be used to gather internal organizational information, potentially compromising the integrity of your systems and data.

Detection Guidance

This vulnerability involves unauthorized creation and updating of user accounts outside an administrator's authorized organizational scope in the runZero Platform.

Detection would require monitoring administrative actions related to user account management, especially looking for user creation or updates that occur outside expected organizational boundaries.

However, no specific detection commands or network signatures are provided in the available information.

Mitigation Strategies

The vulnerability was fixed in version 4.0.260203.0 of the runZero Platform.

Immediate mitigation steps include updating the runZero Platform to version 4.0.260203.0 or later to apply the fix.

Additionally, review and enforce strict authorization controls to ensure administrators cannot create or update users outside their authorized organizational scope.

Compliance Impact

The vulnerability allowed administrators to create and update users outside of their authorized organizational scope, which could lead to unauthorized persistent access within an organization.

Such unauthorized access and incorrect authorization controls may increase the risk of non-compliance with standards and regulations that require strict access controls and user management, such as GDPR and HIPAA.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart