12 matches found
CVE-2026-5379
The CVE-2026-5379 issue affects the runZero Platform (MCP certification workflow). It describes a vulnerability where MCP agents could access certificate information outside their authorized organization scope due to improper authorization (CWE-863). The documented impact is low (CVSS v3.1: 3.0) ...
CVE-2026-5381
CVE-2026-5381 concerns the runZero Platform where task information could be exposed outside the authorized organization scope due to an incorrect authorization (CWE-863). The issue carries a CVSS v3.1 base score of 2.2 (LOW), with vector AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. The vulnerability is m...
CVE-2026-5382
The CVE-2026-5382 entry concerns the runZero Platform, specifically the MCP endpoint information leak. The underlying issue is CWE-863 (Incorrect Authorization), allowing records to be exposed outside the authorized organization scope via MCP endpoints. The CVSS v3.1 impact is low (3.0) with vect...
CVE-2026-5372
CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform, introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...
CVE-2026-5378
The CVE-2026-5378 issue affects the runZero Platform. Affected component: user management functionality in the runZero Platform. The description indicates an Incorrect Authorization flaw that allowed administrators to create and update users outside of their authorized organization scope. Root cause ...
CVE-2026-5375
The CVE describes an API credential information leak in runZero Platform. Affected component: Platform API responses exposing sensitive fields to users with credential access. Root cause: improper exposure of credential data (CWE-200). Impact is described as Low (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U...
CVE-2026-5376
The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....
CVE-2026-5384
The CVE-2026-5384 issue affects the runZero Platform, where a credential could be updated and subsequently used for a task outside the authorized organization scope. This is categorized as CWE-863: Incorrect Authorization. The vulnerability is tied to credential handling that allows scope to be b...
CVE-2026-5373
The issue affects the runZero Platform and is a privilege-escalation vulnerability (CWE-269) where all-organization administrators could promote accounts to superuser status. Root cause is improper privilege management leading to elevated access. Impact aligns with CVSS v3.1: High (8.1) with no a...
CVE-2026-5374
CVE-2026-5374 affects the runZero Platform MCP component. The issue is due to Incorrect Authorization that allowed MCP agents to access remediation and asset information outside the authorized scope, exposing confidentiality. The CVSS v3.1 vector is AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N with a base...
CVE-2026-5380
CVE-2026-5380 affects the runZero Platform and describes an issue where an authorized user could view clear-text secrets for a subset of credential types and fields (CWE-522: Insufficiently Protected Credentials). The vulnerability is attributed to improper protection of credentials and is rated ...
CVE-2026-5383
Summary: CVE-2026-5383 affects runZero Explorer, described as an incorrect authorization (CWE-863) that could allow access to Explorer groups from outside the authorized organization scope. It is scored CVSSv3.1: AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4, Medium) and has been fixed in runZero Expl...