CVE-2026-5382
Incorrect Authorization in runZero MCP Endpoints Exposes Records
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | all versions before 4.0.260206.0 (fixed in 4.0.260206.0) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5382 is an information-leak vulnerability in the runZero Platform's MCP (Model Context Protocol) endpoints. It is classified as CWE-863: Incorrect Authorization.
The endpoint checks that the caller is authenticated, but it does not correctly constrain the results to the organizations that caller is authorized to read. An authenticated user can therefore query the MCP endpoints and receive confidential asset records belonging to organizations outside their authorized scope.
Although the attacker cannot precisely control which records are returned, the leaked asset data (hostnames, operating systems, services and similar inventory details) could be used to plan more targeted attacks against those organizations.
The vulnerability has a CVSS 3.1 base score of 3.0 (Low), indicating it requires high privileges and has a low confidentiality impact without affecting integrity or availability.
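The pattern behind CWE-863 here is easier to see in code. The block below is an added, hypothetical example written for this page; it is not runZero code and the data model, function names and tool-call shape are assumptions. It contrasts a multi-tenant search endpoint that only checks authentication with one that also scopes every query to the caller's organizations, and includes a small audit helper that flags any returned record outside the caller's scope.

```python
"""Illustration of CWE-863 in a multi-tenant query endpoint.

Hypothetical example, not runZero code. The data model and function names
are assumptions chosen to mirror the advisory's description: an authenticated
caller queries an MCP-style tool endpoint and receives asset records from
organizations outside its authorized scope.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    asset_id: str
    org_id: str
    hostname: str
    os: str


@dataclass(frozen=True)
class Caller:
    user_id: str
    org_ids: frozenset  # organizations this account may read (from the session)


# Constructed sample inventory: three tenants, two callers with one org each.
ASSETS = [
    Asset("a1", "org-acme", "dc01.acme.example", "Windows Server"),
    Asset("a2", "org-acme", "web01.acme.example", "Ubuntu"),
    Asset("a3", "org-globex", "fw01.globex.example", "Junos"),
    Asset("a4", "org-initech", "nas01.initech.example", "FreeBSD"),
]
CALLERS = {
    "alice": Caller("alice", frozenset({"org-acme"})),
    "bob": Caller("bob", frozenset({"org-globex"})),
}


def _matches(asset, query):
    """Apply the caller-supplied equality filters (e.g. {"os": "Junos"})."""
    return all(getattr(asset, key) == value for key, value in query.items())


def search_assets_vulnerable(caller, query):
    """CWE-863 pattern: the endpoint verifies that the caller is authenticated
    and applies the user-supplied filters, but never restricts the result set
    to the caller's own organizations. A query that omits org_id, or names
    someone else's org_id, returns foreign records."""
    if caller is None:
        raise PermissionError("unauthenticated")
    return [a for a in ASSETS if _matches(a, query)]


def search_assets_fixed(caller, query):
    """Hardened form: the tenant scope comes from the session, not the request,
    and is intersected with whatever the client asked for, so a foreign org_id
    yields nothing rather than someone else's data."""
    if caller is None:
        raise PermissionError("unauthenticated")
    requested = {query["org_id"]} if "org_id" in query else caller.org_ids
    allowed = requested & caller.org_ids
    return [a for a in ASSETS if a.org_id in allowed and _matches(a, query)]


def leaked_records(endpoint, caller, query):
    """Audit helper: run a query as `caller` and return the records that fall
    outside that caller's authorized organizations. Non-empty means the
    endpoint has an incorrect-authorization bug of the kind described above."""
    return [a for a in endpoint(caller, query) if a.org_id not in caller.org_ids]


if __name__ == "__main__":
    alice = CALLERS["alice"]
    print("vulnerable leak:", [a.asset_id for a in leaked_records(search_assets_vulnerable, alice, {"os": "Junos"})])
    print("fixed leak:     ", leaked_records(search_assets_fixed, alice, {"os": "Junos"}))
```

The audit helper is the part worth reusing: after upgrading, run scope-crossing queries as a low-scope account and confirm that nothing outside that account's organizations comes back.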
How can this vulnerability impact me?
This vulnerability allows an authenticated runZero user holding high privileges to read confidential asset records of organizations outside the scope they are authorized to access.
Such unauthorized data exposure could enable attackers to gather information that helps them craft more targeted and potentially more effective attacks against those organizations.
However, the impact is considered low in terms of confidentiality, and it does not affect data integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade the runZero Platform to version 4.0.260206.0 or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
CVE-2026-5382 involves an information leak vulnerability that allows authorized users to access confidential asset records outside their authorized organizational scope. This unauthorized data exposure, even if limited, could potentially impact compliance with data protection regulations such as GDPR or HIPAA, which mandate strict controls on access to personal or sensitive information.
However, the vulnerability has a low confidentiality impact (CVSS score 3.0) and does not affect data integrity or availability. The issue was fixed in version 4.0.260206.0 of the runZero Platform, mitigating the risk of unauthorized data exposure.
Organizations using affected versions prior to the fix might face compliance risks due to potential unauthorized access to sensitive records, which could lead to violations of standards requiring proper authorization and data access controls.