88 matches found
CVE-2026-5379 runZero Platform MCP certification information leak
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5379
The CVE-2026-5379 issue affects the runZero Platform (MCP certification workflow). It describes a vulnerability where MCP agents could access certificate information outside their authorized organization scope due to improper authorization (CWE-863). The documented impact is low (CVSS v3.1: 3.0) ...
CVE-2026-5379
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5379 runZero Platform MCP certification information leak
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5378
An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...
CVE-2026-5378 runZero Platform user creation leak
An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...
CVE-2026-5378
The CVE-2026-5378 issue affects the runZero Platform. Affected component: user management functionality in the RunZero platform. Description indicates an Incorrect Authorization flaw that allowed administrators to create and update users outside of their authorized organization scope. Root cause ...
CVE-2026-5378 runZero Platform user creation leak
An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...
CVE-2026-5376 runZero Platform session timeout failure
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2026-5376
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2026-5376 runZero Platform session timeout failure
An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...
CVE-2026-5376
The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....
CVE-2026-5375 runZero Platform API credential information leak
An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...
CVE-2026-5375 runZero Platform API credential information leak
An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...
CVE-2026-5375
An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...
CVE-2026-5375
The CVE describes an API credential information leak in runZero Platform. Affected component: Platform API responses exposing sensitive fields to users with credential access. Root cause: improper exposure of credential data (CWE-200). Impact is described as Low (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U...
CVE-2026-5374
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
CVE-2026-5374 runZero Platform MCP information leak
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...
CVE-2026-5374
CVE-2026-5374 affects the runZero Platform MCP component. The issue is due to Incorrect Authorization that allowed MCP agents to access remediation and asset information outside the authorized scope, exposing confidentiality. The CVSS v3.1 vector is AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N with a base...
CVE-2026-5373
The issue affects the runZero Platform and is a privilege-escalation vulnerability (CWE-269) where all-organization administrators could promote accounts to superuser status. Root cause is improper privilege management leading to elevated access. Impact aligns with CVSS v3.1: High (8.1) with no a...