{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5382", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "state": "PUBLISHED", "assignerShortName": "runZero", "dateReserved": "2026-04-01T20:20:40.699Z", "datePublished": "2026-04-07T14:12:23.331Z", "dateUpdated": "2026-04-07T15:38:38.395Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:23.331Z"}, "title": "runZero Platform MCP endpoint information leak", "datePublic": "2026-04-07T14:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.260206.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of \nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (3.0 Low). This issue was fixed in version 4.0.260206.0 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of <br>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (3.0 Low). This issue was fixed in version 4.0.260206.0 of the runZero Platform.<br>"}]}], "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602060", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-mcp-infoleak-cve-2026-5382/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "LOW", "baseScore": 3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.260206.0 of the runZero Platform", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue was fixed in version 4.0.260206.0 of the runZero Platform"}]}], "credits": [{"lang": "en", "value": "runZero", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T15:27:23.682839Z", "id": "CVE-2026-5382", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:38:38.395Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5382", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T15:27:23.682839Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T15:32:09.059Z"}}], "cna": {"title": "runZero Platform MCP endpoint information leak", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "runZero"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.260206.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.260206.0 of the runZero Platform", "supportingMedia": [{"type": "text/html", "value": "This issue was fixed in version 4.0.260206.0 of the runZero Platform", "base64": false}]}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602060", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-mcp-infoleak-cve-2026-5382/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of \nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (3.0 Low). This issue was fixed in version 4.0.260206.0 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "value": "An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of <br>CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (3.0 Low). This issue was fixed in version 4.0.260206.0 of the runZero Platform.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:23.331Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5382", "state": "PUBLISHED", "dateUpdated": "2026-04-07T15:38:38.395Z", "dateReserved": "2026-04-01T20:20:40.699Z", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "datePublished": "2026-04-07T14:12:23.331Z", "assignerShortName": "runZero"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:runzero:runzero_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "B38AA8F8-701F-4D7B-892A-A1183B095A32", "versionEndExcluding": "4.0.260206.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of \nCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N (3.0 Low). This issue was fixed in version 4.0.260206.0 of the runZero Platform."}], "id": "CVE-2026-5382", "lastModified": "2026-04-21T15:37:26.777", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.0, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}, "published": "2026-04-07T15:17:48.390", "references": [{"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Release Notes"], "url": "https://help.runzero.com/docs/release-notes/#402602060"}, {"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Vendor Advisory"], "url": "https://www.runzero.com/advisories/runzero-platform-mcp-infoleak-cve-2026-5382/"}], "sourceIdentifier": "44488dab-36db-4358-99f9-bc116477f914", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.0.260206.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Platform", "source": "cna", "vendor": "runZero"}, "product": "platform", "vendor": "runzero"}], "analysis": {"en": {"generated_at": "2026-04-07T20:07:58.433648+00:00", "value": {"mitigation_remediation": ["Update the runZero Platform to version 4.0.260206.0 or later to apply the vendor\u2013provided fix.", "Verify that all users and applications have correct authorization scopes and that no over\u2011privileged credentials exist.", "Monitor API usage logs for anomalous requests to MCP endpoints to detect any potential misuse."], "summary": {"action": "Patch", "impact": "Sensitive data exposure through MCP endpoints"}, "threat_synthesis": {"affected_systems": "The issue affects the runZero Platform. Any deployment running a version prior to 4.0.260206.0 is potentially vulnerable, while versions 4.0.260206.0 and later include the fix.", "description_and_impact": "The vulnerability is an instance of incorrect authorization that permits the MCP endpoints to expose records outside the intended organization scope. This misauthorization can lead to the disclosure of confidential data, affecting confidentiality but not integrity or availability. The likely attack vector is via network access to the endpoints, exploiting the lack of proper authorization checks, as indicated by the CVSS vector AV:N. The CVSS score of 3.0 reflects a low risk severity but still represents a data confidentiality issue.", "risk_and_exploitability": "This vulnerability has a low CVSS score of 3.0 and no EPSS data is available. It is not referenced in the CISA KEV catalog. Exploitation requires network accessibility to the MCP endpoints and the existence of a user with permissions to query those endpoints. The breach could allow an attacker to harvest records that they should not have access to, thereby violating data privacy constraints."}}}}, "created": "2026-04-08T19:37:40.403653+00:00", "updated": "2026-04-08T19:49:11.390500+00:00", "vendors": ["runzero", "runzero$PRODUCT$platform"]}