CVE-2026-5383
Incorrect Authorization in runZero Explorer Allows Unauthorized Group Access
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | up to 4.0.260208.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-5383 is a security vulnerability in runZero Explorer caused by a missing authorization check, classified as CWE-863: Incorrect Authorization.
This flaw allows an authenticated user who has confidential information about a target organization to access Explorer groups outside their authorized organizational scope.
How can this vulnerability impact me?
Exploiting this vulnerability could enable an attacker to disable Explorers within the targeted organization.
This can create blind spots in routine security assessments, potentially reducing the effectiveness of security monitoring and response.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update runZero Explorer to version 4.0.260208.0 or later, where the issue has been fixed.