Improper Privilege Management in RunZero Platform
CVE-2026-7778

5MEDIUM

Key Information:

Vendor: Runzero
Status: Platform
Vendor: CVE Published:; 5 May 2026

What is CVE-2026-7778?

An issue has been identified in the RunZero Platform that allows for unauthorized viewing of dashboard configurations outside the designated organizational boundaries. This vulnerability is classified under improper privilege management, posing risks to sensitive configuration information. The issue has been addressed in the latest version, ensuring that existing guardrails are strengthened to prevent any potential unauthorized access.

Affected Version(s)

Platform 0 < 4.0.260416.0

References

https://www.runzero.com/advisories/runzero-platform-dashb...

vendor-advisory

https://help.runzero.com/docs/release-notes/#402604160

release-notes

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2026
Vulnerability Reserved
May 4, 2026

Credit

runZero

Tod Beardsley of runZero

CVE-2026-7778 Data

JSON