What is the CVSS score of CVE-2026-5376?

CVE-2026-5376 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-5376?

Yes, a patch is available for CVE-2026-5376. Update the affected software to the latest version immediately.

Platform CVE-2026-5376

EUVD-2026-19692 MEDIUM

Insufficient Session Expiration (CWE-613)

2026-04-07 runZero

Information Disclosure Platform

5.9

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.9 MEDIUM

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

4.0.260203.0

EUVD ID Assigned

Apr 07, 2026 - 15:00 euvd

EUVD-2026-19692

Analysis Generated

Apr 07, 2026 - 15:00 vuln.today

CVE Published

Apr 07, 2026 - 14:11 nvd

MEDIUM 5.9

DescriptionCVE.org

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N (5.9 Medium). This issue was fixed in version 4.0.260203.0 of the runZero Platform.

AnalysisAI

Session inactivity timeouts fail to trigger in runZero Platform due to automatic page reloading, allowing authenticated administrators to maintain unauthorized access beyond intended session expiration windows. This CWE-613 resource control vulnerability affects runZero Platform versions prior to 4.0.260203.0 and requires high-privilege authentication, with confirmed confidentiality and integrity impacts. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 5.9 (Medium) is driven by network-accessible attack vector (AV:N), high attack complexity (AC:H), and high privilege requirement (PR:H), combined with high confidentiality and integrity impacts (C:H/I:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated administrator account is compromised or left unattended. An attacker leverages the automatic page reload feature to continuously refresh the application without triggering session inactivity timeout, maintaining access to administrative functions (user management, asset data modification, configuration changes) beyond the organization's intended session limit. …
Remediation	Upgrade runZero Platform to version 4.0.260203.0 or later, which includes the fix for session timeout enforcement. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5376 vulnerability details – vuln.today

Back

Platform CVE-2026-5376

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code