← Back

CVE-2026-5375

nvd nist
Published: Apr 7, 2026Modified: Apr 21, 2026

JSON object

Loading...
2.7
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 / Impact: 1.4
Source: 44488dab-36db-4358-99f9-bc116477f914 (Secondary)

Description

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N (2.7 Low). This issue was fixed in version 4.0.260203.0 of the runZero Platform.

Affected (1)

Runzero
1 product
Runzero Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Runzero Platform
Before 4.0.260203.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

Source: 44488dab-36db-4358-99f9-bc116477f914
Release Notes
Source: 44488dab-36db-4358-99f9-bc116477f914
Vendor Advisory

Timeline

No history available yet.