CVE-2026-5373
CVE-2026-5373
8.1
HighPublished:
Last updated:
Source:44488dab-36db-4358-99f9-bc116477f914
Analyzed
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- Required
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- None
Description
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.
References
44488dab-36db-4358-99f9-bc116477f914
https://help.runzero.com/docs/release-notes/#40260202044488dab-36db-4358-99f9-bc116477f914
https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/