Authorization Flaw in RunZero Explorer by RunZero
CVE-2026-5383

4.4MEDIUM

Key Information:

Vendor: Runzero
Status: Explorer
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-5383?

A vulnerability in RunZero Explorer has emerged due to improper authorization controls, potentially allowing unauthorized access to Explorer groups beyond sanctioned organizational boundaries. This flaw is categorized under CWE-863, emphasizing the critical need for adequate authorization mechanisms. Users are urged to update to version 4.0.260208.0, where this issue has been remediated, to ensure the integrity and security of their systems.

Affected Version(s)

Explorer 0 < 4.0.260208.0

References

https://help.runzero.com/docs/release-notes/#402602080

release-notes

https://www.runzero.com/advisories/runzero-explorer-cve-2...

vendor-advisory

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

runZero

CVE-2026-5383 Data

JSON

Runzero

What is CVE-2026-5383?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit