CVE-2026-5384
Incorrect Authorization in runZero Platform Allows Credential Update Abuse
Publication date: 2026-04-07
Last updated on: 2026-04-21
Assigner: 44488dab-36db-4358-99f9-bc116477f914
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| runzero | runzero_platform | up to 4.0.26021.0 (excluded) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5384 is a vulnerability in the runZero Platform related to incorrect authorization (CWE-863). It allows an authenticated user who has confidential information about a target organization to update and use a credential for tasks outside their authorized organizational scope.
This means the user can perform actions and access credentials in organizations they normally should not have access to, effectively bypassing intended access controls.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to confidential credentials and allow execution of tasks outside the authorized organizational boundaries.
This unauthorized access can compromise the confidentiality of sensitive information, potentially exposing credentials that should remain restricted.
The CVSS score indicates a medium severity with a high confidentiality impact but no impact on integrity or availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an authenticated user being able to update and use credentials outside their authorized organizational scope in the runZero Platform. Detection would require monitoring for unauthorized credential updates or usage across organizational boundaries.
Since the vulnerability requires high privileges and network access, detection could involve auditing logs for credential changes or task executions that cross organizational scopes.
The provided resources do not include specific commands or tools to detect this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the runZero Platform to version 4.0.26021.0 or later, where this vulnerability has been fixed.
Additionally, restrict access to users with high privileges and monitor credential updates to ensure they occur only within authorized organizational scopes.
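As an added illustration of the detection and mitigation advice above (this is not runZero's code; the organization-scoped credential model, role names and event records are constructed assumptions), the following Python models the CWE-863 check: the scope-blind variant beside the corrected one, plus an audit over constructed task events that flags credential use crossing organizational boundaries.

```python
# Added example, not runZero's implementation. Models the CWE-863 pattern this
# CVE describes: credentials belong to an organization, and a user may update
# or use one for a task only inside organizations they are authorized for.
# All names, roles and event records below are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    cred_id: str
    org_id: str  # organization that owns the credential


@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    authorized_orgs: frozenset  # organizations the user may act in


def can_use_credential_vulnerable(user: User, cred: Credential) -> bool:
    # Authorization check is performed, but incorrectly: it only confirms the
    # caller holds a privileged role and never compares the credential's
    # organization with the caller's authorized scope.
    return user.role in ("admin", "superuser")


def can_use_credential_fixed(user: User, cred: Credential, task_org: str) -> bool:
    # Correct check: privileged role, credential owned by an organization in
    # the caller's scope, and the task executed in that same organization.
    return (user.role in ("admin", "superuser")
            and cred.org_id in user.authorized_orgs
            and task_org == cred.org_id)


def audit_cross_org_use(events, users, creds):
    """Return ids of task events where a credential was used outside the
    acting user's scope or in an organization other than the credential's."""
    findings = []
    for ev in events:
        user, cred = users[ev["user_id"]], creds[ev["cred_id"]]
        if cred.org_id not in user.authorized_orgs or ev["task_org"] != cred.org_id:
            findings.append(ev["event_id"])
    return findings


# Constructed sample data: alice is scoped to org-A only, bob to org-A and org-B.
USERS = {"alice": User("alice", "admin", frozenset({"org-A"})),
         "bob": User("bob", "admin", frozenset({"org-A", "org-B"}))}
CREDS = {"cred-1": Credential("cred-1", "org-A"), "cred-2": Credential("cred-2", "org-B")}
EVENTS = [
    {"event_id": "e1", "user_id": "alice", "cred_id": "cred-1", "task_org": "org-A"},  # in scope
    {"event_id": "e2", "user_id": "alice", "cred_id": "cred-2", "task_org": "org-B"},  # out of scope
    {"event_id": "e3", "user_id": "bob", "cred_id": "cred-2", "task_org": "org-B"},    # in scope
    {"event_id": "e4", "user_id": "bob", "cred_id": "cred-1", "task_org": "org-B"},    # org mismatch
]
```

Running `audit_cross_org_use(EVENTS, USERS, CREDS)` over the constructed events flags `e2` and `e4`, which is the kind of cross-scope credential activity the detection advice above suggests reviewing in task and credential-change logs.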
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an authenticated user to update and use credentials outside their authorized organizational scope, potentially exposing confidential credentials associated with other organizations. Such unauthorized access to confidential information could lead to violations of data protection and privacy regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.
Because the vulnerability impacts confidentiality by enabling unauthorized viewing of credentials, it may increase the risk of non-compliance with standards that mandate confidentiality and proper authorization mechanisms.