CVE-2026-5381
Received Received - Intake

Incorrect Authorization in runZero Platform Exposes Task Data

Vulnerability report for CVE-2026-5381, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-07

Last updated on: 2026-04-21

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N (2.2 Low). This issue was fixed in version 4.0.260205.0 of the runZero Platform.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-07
Last Modified
2026-04-21
Generated
2026-07-06
AI Q&A
2026-04-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
runzero runzero_platform to 4.0.260205.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-5381 is a vulnerability in the runZero Platform that involves an information leak of task data beyond authorized organizational boundaries.

Specifically, an authorized runZero user could access information from certain task types belonging to a targeted organization that they normally should not have permission to view.

This vulnerability is classified as CWE-863: Incorrect Authorization, meaning the system does not properly restrict access to information based on organizational authorization.

Compliance Impact

This vulnerability involves an information leak of task data beyond authorized organizational boundaries, which could potentially expose sensitive information to unauthorized users.

Such unauthorized exposure of information may have implications for compliance with standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and protection of organizational information.

However, the vulnerability has a low confidentiality impact (CVSS score 2.2) and requires high privileges and attack complexity, which may limit the risk of widespread data exposure.

The issue was fixed in version 4.0.260205.0 of the runZero Platform, mitigating the risk of non-compliance due to this vulnerability.

Impact Analysis

This vulnerability could allow an attacker with authorized access to the runZero Platform to view task information from other organizations that they should not be able to see.

Such exposure could provide attackers with additional insights into the types of tasks running within the targeted organization and some associated data.

These insights might help attackers craft more effective attack tactics against the targeted organization.

However, the impact is considered low with a CVSS score of 2.2, indicating limited confidentiality impact and no integrity or availability impact.

Detection Guidance

This vulnerability involves an information leak in the runZero Platform where an authorized user could access task information beyond their organizational scope. Detection would involve monitoring for unauthorized access attempts to task data within the runZero Platform.

Since the vulnerability requires high privileges and network access, detection could focus on auditing user access logs and network traffic for unusual or unauthorized queries to task information.

No specific commands or detection tools are provided in the available information.

Mitigation Strategies

The primary mitigation step is to upgrade the runZero Platform to version 4.0.260205.0 or later, where this vulnerability has been fixed.

Additionally, ensure that user privileges are properly managed to limit access to sensitive task information only to authorized personnel.

Monitor and audit user activities to detect any unauthorized access attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5381. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart