{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5380", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "state": "PUBLISHED", "assignerShortName": "runZero", "dateReserved": "2026-04-01T20:20:38.604Z", "datePublished": "2026-04-07T14:12:05.649Z", "dateUpdated": "2026-04-07T15:03:47.654Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:05.649Z"}, "title": "runZero Platform cleartext secret exposure", "datePublic": "2026-04-07T14:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.260204.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of\nCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of<br>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.<br>"}]}], "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602042", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-cleartext-exposure-cve-2026-5380/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.260204.2 of the runZero Platform", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue was fixed in version 4.0.260204.2 of the runZero Platform"}]}], "credits": [{"lang": "en", "value": "runZero", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:03:36.808071Z", "id": "CVE-2026-5380", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:03:47.654Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T15:03:36.808071Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:03:39.723Z"}}], "cna": {"title": "runZero Platform cleartext secret exposure", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "runZero"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.260204.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.260204.2 of the runZero Platform", "supportingMedia": [{"type": "text/html", "value": "This issue was fixed in version 4.0.260204.2 of the runZero Platform", "base64": false}]}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602042", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-cleartext-exposure-cve-2026-5380/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of\nCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "value": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of<br>CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:05.649Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5380", "state": "PUBLISHED", "dateUpdated": "2026-04-07T15:03:47.654Z", "dateReserved": "2026-04-01T20:20:38.604Z", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "datePublished": "2026-04-07T14:12:05.649Z", "assignerShortName": "runZero"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:runzero:runzero_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "80353729-6385-4864-AF94-5EFCA6C45982", "versionEndExcluding": "4.0.260204.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of\nCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (5.3 Medium). This issue was fixed in version 4.0.260204.2 of the runZero Platform."}], "id": "CVE-2026-5380", "lastModified": "2026-04-21T15:34:22.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}, "published": "2026-04-07T15:17:48.070", "references": [{"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Release Notes"], "url": "https://help.runzero.com/docs/release-notes/#402602042"}, {"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Vendor Advisory"], "url": "https://www.runzero.com/advisories/runzero-platform-cleartext-exposure-cve-2026-5380/"}], "sourceIdentifier": "44488dab-36db-4358-99f9-bc116477f914", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.0.260204.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Platform", "source": "cna", "vendor": "runZero"}, "product": "platform", "vendor": "runzero"}], "analysis": {"en": {"generated_at": "2026-04-07T20:08:46.393503+00:00", "value": {"mitigation_remediation": ["Upgrade the runZero Platform to version 4.0.260204.2 or later."], "summary": {"action": "Patch", "impact": "Data Exposure"}, "threat_synthesis": {"affected_systems": "The runZero Platform is affected. Users running any version of the Platform prior to 4.0.260204.2 are vulnerable.", "description_and_impact": "An authorized user can view clear\u2011text secrets for certain credential types and fields. This results in loss of confidentiality, allowing attackers with legitimate access to retrieve sensitive authentication data. The weakness is identified as CWE\u2011522, Insufficiently Protected Credentials, and is rated as a medium severity vulnerability.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate risk. Because susceptibility requires legitimate authorization, the attack vector is internal and limited to users with existing access. No exploit probability data or KEV listing is available, and no publicly disclosed exploit has been reported."}}}}, "created": "2026-04-08T19:37:42.571341+00:00", "updated": "2026-04-08T19:49:13.603192+00:00", "vendors": ["runzero", "runzero$PRODUCT$platform"]}