Incorrect Authorization Vulnerability in runZero Platform
CVE-2026-5382

3 LOW

Key Information:

Vendor: runZero

Status
Vendor
CVE Published: 7 April 2026

What is CVE-2026-5382?

An incorrect authorization vulnerability in the runZero Platform can expose sensitive records through MCP endpoints. An attacker who exploits this flaw can access data outside the limits intended for their organizational scope. The issue is fixed in version 4.0.260206.0 of the platform; installations running earlier versions should be updated.

Affected Version(s)

Platform: all versions before 4.0.260206.0

CVSS V3.1

Score: 3
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

runZero