Credential Update Vulnerability in runZero Platform by runZero
CVE-2026-5384

5.8 MEDIUM

Key Information:

Vendor: runZero

Status
Vendor

CVE Published: 7 April 2026

What is CVE-2026-5384?

CVE-2026-5384 is an incorrect authorization flaw in the runZero Platform that enables unauthorized credential updates and actions outside of the permitted organizational scope. It poses a significant security risk because it could allow malicious actors to execute tasks using compromised credentials. The vulnerability has been addressed in version 4.0.26021.0, which applies stricter authorization measures to credential handling.

Affected Version(s)

Platform: versions from 0 up to, but not including, 4.0.26021.0

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

runZero