Unauthorized Information Exposure in RunZero Platform
CVE-2026-5381

2.2LOW

Key Information:

Vendor: Runzero
Status: Platform
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-5381?

An issue has been identified in the RunZero Platform where task information could potentially be exposed outside the authorized organizational boundaries. This vulnerability falls under the category of CWE-863: Incorrect Authorization, leading to unauthorized access to sensitive data. The vulnerability has been addressed in version 4.0.260205.0 of the RunZero Platform, ensuring that task details remain protected from unauthorized users.

Affected Version(s)

Platform 0 < 4.0.260205.0

References

https://help.runzero.com/docs/release-notes/#402602050

release-notes

https://www.runzero.com/advisories/runzero-platform-task-...

vendor-advisory

CVSS V3.1

Score:

2.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

runZero

CVE-2026-5381 Data

JSON