What is the CVSS score of CVE-2026-5372?

CVE-2026-5372 has a CVSS 3.1 base score of 6.4 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-5372?

Yes, a patch is available for CVE-2026-5372. Update the affected software to the latest version immediately.

Platform CVE-2026-5372

EUVD-2026-19632 MEDIUM

SQL Injection (CWE-89)

2026-04-07 runZero

SQLi Platform

6.4

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.4 MEDIUM

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

4.0.260123.1

EUVD ID Assigned

Apr 07, 2026 - 14:30 euvd

EUVD-2026-19632

Analysis Generated

Apr 07, 2026 - 14:30 vuln.today

CVE Published

Apr 07, 2026 - 14:10 nvd

MEDIUM 6.4

DescriptionCVE.org

An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.

AnalysisAI

SQL injection in runZero Platform versions 4.0.260123.0 through 4.0.260123.0 allows authenticated high-privileged users to execute arbitrary SQL commands via improperly sanitized saved query parameters, potentially leading to unauthorized data access, modification, or deletion. The vulnerability requires high privileges, user interaction, and non-standard attack complexity, resulting in a CVSS 6.4 medium severity rating. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS v3.1 score of 6.4 (medium) reflects high confidentiality, integrity, and availability impact (C:H/I:H/A:H), multiple mitigating factors significantly reduce real-world exploitation risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A malicious insider or attacker with compromised high-privilege credentials in a runZero Platform instance could create a saved query containing SQL injection payloads targeting the underlying database. Upon execution or when another administrative user interacts with the malicious saved query, the injected SQL executes with database permissions, potentially exfiltrating sensitive asset data, modifying scan results, or deleting records. …
Remediation	Vendor-released patch: Upgrade runZero Platform from version 4.0.260123.0 to version 4.0.260123.1 or later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5372 vulnerability details – vuln.today

Back

Platform CVE-2026-5372

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code