CVE-2026-5373

Published: Apr 7, 2026Modified: Apr 21, 2026

8.4

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Exploitability: 1.7 / Impact: 6.0

Source: NVD

Description

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.

Affected (1)

Products: Runzero: Runzero Platform

1 product

Runzero Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Runzero Runzero Platform	Before 4.0.260202.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://help.runzero.com/docs/release-notes/#402602020

Source: 44488dab-36db-4358-99f9-bc116477f914

Release Notes

https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/

Source: 44488dab-36db-4358-99f9-bc116477f914

Vendor Advisory

Timeline

No history available yet.