Zero Day MonitorZDM

← Back to list

5.8

CVE-2026-5384PATCHED

runzero · platform

runZero Platform incorrect credential scope

Description

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.

Affected Products

Vendor	Product	Versions
runzero	platform	0

References

https://help.runzero.com/docs/release-notes/#402602100(release-notes)
https://www.runzero.com/advisories/runzero-platform-cve-2026-5384/(vendor-advisory)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-5384 | runZero Platform prior 4.0.26021.0 Organization authorization

→ No new info (linked only)

CVSS 3.15.8 MEDIUM

VectorCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.0.26021.0

CWECWE-863

PublishedApr 7, 2026

Last enriched6h agov2

Trending Score23

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-5376

runZero Platform session timeout failure

HIGHCVE-2026-5380

runZero Platform cleartext secret exposure

HIGHCVE-2026-5378

runZero Platform user creation leak

MEDIUMCVE-2026-5383

runZero Explorer missing authorization check

MEDIUMCVE-2026-5382

runZero Platform MCP endpoint information leak

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 7, 2026

Discovered by ZDM

Apr 7, 2026

Updated: description

Apr 7, 2026

Patch Available

Apr 7, 2026

Version History

v2

Last enriched 6h ago

v2Tier C6h ago

Updated description with new details about the vulnerability and corrected exploit availability.

description

via VulDB

v17h ago

Initial creation