Runzero Platform
12 CVEs affecting Runzero Platform. Latest disclosed: 2026-05-05. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5373 | High | 8.1 | 2026-04-07 | An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privi… |
CVE-2026-5372 | Medium | 6.4 | 2026-04-07 | An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neut… |
CVE-2026-5376 | Medium | 5.9 | 2026-04-07 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insu… |
CVE-2026-5384 | Medium | 5.8 | 2026-04-07 | An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instan… |
CVE-2026-5378 | Medium | 5.8 | 2026-04-07 | An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-86… |
CVE-2026-5374 | Medium | 5.8 | 2026-04-07 | An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an in… |
CVE-2026-5380 | Medium | 5.3 | 2026-04-07 | An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance… |
CVE-2026-7778 | Medium | 5.0 | 2026-05-05 | An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CW… |
CVE-2026-5382 | Low | 3.0 | 2026-04-07 | An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: In… |
CVE-2026-5379 | Low | 3.0 | 2026-04-07 | An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance o… |
CVE-2026-5375 | Low | 2.7 | 2026-04-07 | An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200… |
CVE-2026-5381 | Low | 2.2 | 2026-04-07 | An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authoriza… |