CVE-2026-5383
Received - Intake
Incorrect Authorization in runZero Explorer Allows Unauthorized Group Access

Publication date: 2026-04-07

Last updated on: 2026-04-21

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description
An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4 Medium). This issue was fixed in version 4.0.260208.0 of the runZero Explorer.
Meta Information
Published: 2026-04-07
Last Modified: 2026-04-21
Generated: 2026-06-16
AI Q&A: 2026-04-07
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: runzero
Product: runzero_platform
Version / Range: up to 4.0.260208.0 (exclusive)
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

CVE-2026-5383 is a security vulnerability in runZero Explorer caused by a missing authorization check, classified as CWE-863: Incorrect Authorization.

This flaw allows an authenticated user who has confidential information about a target organization to access Explorer groups outside their authorized organizational scope.

Impact Analysis

Exploiting this vulnerability could enable an attacker to disable Explorers within the targeted organization.

This can create blind spots in routine security assessments, potentially reducing the effectiveness of security monitoring and response.

Mitigation Strategies

To mitigate this vulnerability, you should update runZero Explorer to version 4.0.260208.0 or later, where the issue has been fixed.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
