{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5384", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "state": "PUBLISHED", "assignerShortName": "runZero", "dateReserved": "2026-04-01T20:20:42.640Z", "datePublished": "2026-04-07T14:12:42.547Z", "dateUpdated": "2026-04-07T19:59:57.769Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:42.547Z"}, "title": "runZero Platform incorrect credential scope", "datePublic": "2026-04-07T14:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.26021.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.<br>"}]}], "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602100", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-cve-2026-5384/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N"}}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.26021.0 of the runZero Platform", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue was fixed in version 4.0.26021.0 of the runZero Platform"}]}], "credits": [{"lang": "en", "value": "runZero", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T19:54:15.338081Z", "id": "CVE-2026-5384", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T19:59:57.769Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5384", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T19:54:15.338081Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T19:54:57.681Z"}}], "cna": {"title": "runZero Platform incorrect credential scope", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "runZero"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.26021.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was fixed in version 4.0.26021.0 of the runZero Platform", "supportingMedia": [{"type": "text/html", "value": "This issue was fixed in version 4.0.26021.0 of the runZero Platform", "base64": false}]}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602100", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-cve-2026-5384/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "value": "An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:12:42.547Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5384", "state": "PUBLISHED", "dateUpdated": "2026-04-07T19:59:57.769Z", "dateReserved": "2026-04-01T20:20:42.640Z", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "datePublished": "2026-04-07T14:12:42.547Z", "assignerShortName": "runZero"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:runzero:runzero_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB50183C-07CE-4A4C-A00A-2EBE71BFCE08", "versionEndExcluding": "4.0.26021.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform."}], "id": "CVE-2026-5384", "lastModified": "2026-04-21T15:40:40.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}, "published": "2026-04-07T15:17:48.720", "references": [{"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Release Notes"], "url": "https://help.runzero.com/docs/release-notes/#402602100"}, {"source": "44488dab-36db-4358-99f9-bc116477f914", "tags": ["Vendor Advisory"], "url": "https://www.runzero.com/advisories/runzero-platform-cve-2026-5384/"}], "sourceIdentifier": "44488dab-36db-4358-99f9-bc116477f914", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,4.0.26021.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Platform", "source": "cna", "vendor": "runZero"}, "product": "platform", "vendor": "runzero"}], "analysis": {"en": {"generated_at": "2026-04-07T20:07:04.720582+00:00", "value": {"mitigation_remediation": ["Update the runZero Platform to version 4.0.26021.0 or later", "Verify that credential scopes are correctly limited to the intended organization after applying the patch", "Enable logging and review transaction logs for anomalous credential usage"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Credential Access"}, "threat_synthesis": {"affected_systems": "The issue affects the runZero Platform for any version prior to 4.0.26021.0. Users running an older release should identify whether they are on a vulnerable build. No other vendors or products are explicitly listed as impacted.", "description_and_impact": "The vulnerability allows a credential to be updated and then used for a task outside the authorized organization scope, effectively granting an attacker access to resources or actions they should not be able to perform. This flaw falls under Incorrect Authorization (CWE\u2011863) and could let a user leverage compromised or improperly scoped credentials to manipulate or access data within the platform. The impact is confined to confidentiality and integrity, with no direct denial\u2011of\u2011service effect reported.", "risk_and_exploitability": "The CVSS score of 5.8 indicates medium severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited widespread exploitation. No EPSS score is available, so the likelihood of real\u2011world attacks remains uncertain. The attack vector is not explicitly stated, but given the nature of credential manipulation via the platform, it is likely achievable through API or web interfaces with elevated privileges. Appropriate auditing and segmentation of credentials can mitigate potential abuse."}}}}, "created": "2026-04-08T19:37:38.128096+00:00", "updated": "2026-04-08T19:49:09.109063+00:00", "vendors": ["runzero", "runzero$PRODUCT$platform"]}