CVE-2026-7778
Awaiting Analysis Awaiting Analysis - Queue
Improper Privilege Management in runZero Platform

Publication date: 2026-05-05

Last updated on: 2026-05-07

Assigner: 44488dab-36db-4358-99f9-bc116477f914

Description
An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This issue was fixed in version v4.0.260416.0 of the runZero Platform.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7778
EUVD
EUVD-2026-27331
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
runzero platform 4.0.260416.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7778 is an improper privilege management vulnerability in the runZero Platform dashboard. It allows an attacker with valid runZero credentials to view dashboard configurations that belong to organizations outside their authorized scope.

This means that someone could access sensitive information about another organization's exposure and asset management strategies without permission.

Impact Analysis

The vulnerability could allow unauthorized users to gain insights into your organization's dashboard configurations, including details about your exposure and asset management.

This unauthorized access could be leveraged for targeted attacks against your organization by revealing sensitive security posture information.

Detection Guidance

This vulnerability involves improper privilege management in the runZero Platform dashboard, allowing unauthorized viewing of dashboard configurations outside the authorized organization scope.

Detection would require verifying whether dashboard configurations are accessible by users from outside their authorized organization, particularly by users with valid runZero credentials.

No specific commands or detection methods are provided in the available resources.

Mitigation Strategies

The vulnerability was fixed in version v4.0.260416.0 of the runZero Platform.

Immediate mitigation steps include upgrading the runZero Platform to version v4.0.260416.0 or later to ensure the fix is applied.

Additionally, review user privileges to ensure that only authorized users have access to dashboard configurations.

Compliance Impact

The vulnerability in CVE-2026-7778 allows unauthorized users with valid credentials to access dashboard configurations outside their authorized organization scope. This improper privilege management could lead to exposure of sensitive organizational data related to asset management and exposure insights.

Such unauthorized access may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive information and protection of organizational data privacy. Exposure of dashboard configurations to unauthorized parties could be considered a failure in access control and data confidentiality requirements under these regulations.

However, the provided information does not explicitly state the direct compliance impact or any regulatory breach resulting from this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7778. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart