CVE-2026-5381
Incorrect Authorization in runZero Platform Exposes Task Data
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | all versions before 4.0.260205.0 (upper bound excluded; 4.0.260205.0 is the fixed release) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5381 is a vulnerability in the runZero Platform that involves an information leak of task data beyond authorized organizational boundaries.
Specifically, an authorized runZero user could access information from certain task types belonging to a targeted organization that they normally should not have permission to view.
This vulnerability is classified as CWE-863: Incorrect Authorization, meaning the system does not properly restrict access to information based on organizational authorization.
How can this vulnerability impact me?
This vulnerability could allow an attacker who already holds an authorized, high-privilege runZero Platform account to view task information belonging to organizations they are not a member of.
Such exposure reveals which task types are running in the targeted organization and some of the data associated with those tasks.
An attacker could use that insight to plan follow-on activity against the targeted organization more effectively.
However, the impact is rated low: the CVSS score of 2.2 reflects a limited confidentiality impact with no integrity or availability impact, and exploitation requires high privileges and high attack complexity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is an authorization flaw inside the runZero Platform: an authorized user could read task information beyond their organizational scope. Because the request is made by a legitimate account, there is no network-level exploit signature to look for; detection relies on the platform's own audit and access records.
Since exploitation requires high privileges and network access, review user access logs for accounts reading task data from organizations they are not assigned to, and treat any such cross-organization read as worth investigating.
No specific commands or detection tools are provided in the available information. The one deterministic check is the deployed version: any runZero Platform build older than 4.0.260205.0 is affected.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the runZero Platform to version 4.0.260205.0 or later, where this vulnerability has been fixed.
Additionally, review organization membership and role assignments so that only personnel who genuinely need visibility into an organization's tasks hold privileges there, keeping the pool of accounts able to exercise the flaw as small as possible.
Monitor and audit user activity for reads of task data across organizational boundaries, and investigate any that occur before the upgrade is complete.
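The two checks above, the version comparison against the fixed release and the audit of cross-organization task reads, as an added example. This is not runZero's own code, and the JSON-lines audit layout (`user`, `task_id`, `task_org`, `task_type`), the authorization map and the sample records are constructed assumptions for illustration; the page does not describe runZero's real audit or export schema.

```python
"""Added example for this CVE entry; it is not runZero's own code or export
format. Two checks a defender can run offline:

1. is_affected(): is a runZero Platform build older than the fixed release
   4.0.260205.0 (the version the page lists as the upper, excluded bound)?
2. cross_org_reads(): given task-read events plus a map of which organizations
   each user is authorized for, list reads of tasks owned by an organization the
   user is not a member of, i.e. the access pattern this CWE-863 bug permits.

The JSON-lines audit layout and the sample records are constructed for
illustration (assumption); runZero's real audit/export schema is not on the page.
"""
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass

FIXED_VERSION = "4.0.260205.0"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted runZero-style version such as '4.0.260205.0' into a tuple
    of ints so comparison is numeric ('4.0.9' sorts below '4.0.10')."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the build predates the fix. The fixed build itself is not
    affected ('exc' on the range). Shorter strings are zero-padded so that
    '4.0.260205' compares equal to '4.0.260205.0' rather than below it."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


@dataclass(frozen=True)
class TaskRead:
    user: str       # account that read the task
    task_id: str
    task_org: str   # organization that owns the task
    task_type: str


def load_events(jsonl: str) -> list[TaskRead]:
    """Parse one JSON object per line into TaskRead records (assumed layout)."""
    events = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        events.append(TaskRead(rec["user"], rec["task_id"],
                               rec["task_org"], rec["task_type"]))
    return events


def cross_org_reads(events: list[TaskRead],
                    authorized: dict[str, set[str]]) -> list[TaskRead]:
    """Events where the user read a task owned by an organization they are not
    authorized for. A user missing from the map is treated as authorized for
    nothing, so unknown accounts are flagged rather than silently passed."""
    return [e for e in events if e.task_org not in authorized.get(e.user, set())]


def summarize(flagged: list[TaskRead]) -> dict[str, list[str]]:
    """Collapse flagged events to user -> sorted list of foreign organizations."""
    orgs: dict[str, set[str]] = defaultdict(set)
    for e in flagged:
        orgs[e.user].add(e.task_org)
    return {user: sorted(o) for user, o in orgs.items()}


# Constructed sample data (not from any real tenant).
AUTHORIZED_ORGS = {
    "alice": {"org-a"},
    "bob": {"org-a", "org-b"},
    "mallory": {"org-a"},
}

SAMPLE_AUDIT_JSONL = """\
{"user": "alice",   "task_id": "t-1001", "task_org": "org-a", "task_type": "scan"}
{"user": "bob",     "task_id": "t-2001", "task_org": "org-b", "task_type": "scan"}
{"user": "mallory", "task_id": "t-2002", "task_org": "org-b", "task_type": "scan"}
{"user": "mallory", "task_id": "t-2003", "task_org": "org-b", "task_type": "import"}
{"user": "eve",     "task_id": "t-1002", "task_org": "org-a", "task_type": "scan"}
"""

if __name__ == "__main__":
    for v in ("4.0.260204.0", "4.0.260205.0", "4.1.0.0"):
        print(f"{v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    flagged = cross_org_reads(load_events(SAMPLE_AUDIT_JSONL), AUTHORIZED_ORGS)
    for e in flagged:
        print(f"{e.user} read {e.task_type} task {e.task_id} owned by {e.task_org}")
    print(summarize(flagged))
```

Two design points worth keeping if you adapt this to a real export: versions are compared as integer tuples rather than strings, because the build component (260205) has more digits than the surrounding fields and a lexical compare would misorder it; and the audit check fails closed, so an account absent from the authorization map is reported rather than assumed benign.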
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves an information leak of task data beyond authorized organizational boundaries, which could potentially expose sensitive information to unauthorized users.
Such unauthorized exposure of information may have implications for compliance with standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and protection of organizational information.
However, the vulnerability has a low confidentiality impact (CVSS score 2.2) and requires high privileges and attack complexity, which may limit the risk of widespread data exposure.
The issue was fixed in version 4.0.260205.0 of the runZero Platform, mitigating the risk of non-compliance due to this vulnerability.