CVE-2026-5379
Incorrect Authorization in runZero MCP Agents Exposes Certificates
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | to 4.0.260203.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allowed MCP agents to access certificate information outside their authorized organizational scope, which constitutes incorrect authorization and unauthorized data access.
Such unauthorized access to certificate information could potentially lead to exposure of sensitive organizational data, which may impact compliance with data protection regulations like GDPR or HIPAA that require strict control over access to sensitive information.
However, the confidentiality impact is rated as low (CVSS score 3.0), and there is no indication of direct integrity or availability impact.
Therefore, while the vulnerability represents a risk of unauthorized data exposure that could affect compliance, the limited scope and low impact suggest the overall compliance risk is relatively low but should still be addressed to maintain regulatory adherence.
Can you explain this vulnerability to me?
CVE-2026-5379 is a security vulnerability in the runZero Platform involving MCP (Managed Certificate Proxy) agents. It allowed these agents to access certificate information outside of their authorized organizational scope, meaning they could see certificate details from other organizations they should not have access to.
This is an example of CWE-863: Incorrect Authorization, where the system fails to properly restrict access to sensitive information.
How can this vulnerability impact me? :
The vulnerability could allow authorized users leveraging the MCP API to obtain certificate details from other organizations, potentially exposing sensitive information.
Attackers could use this unauthorized access to gather intelligence about targeted organizations, which might facilitate further attacks.
However, the impact is considered low with a CVSS score of 3.0, indicating limited confidentiality impact and no impact on integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the runZero Platform to version 4.0.260203.0 or later, where the issue has been fixed.