CVE-2026-5376

| EUVD-2026-19692 MEDIUM
2026-04-07 runZero
5.9
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

3
Analysis Generated
Apr 07, 2026 - 15:00 vuln.today
EUVD ID Assigned
Apr 07, 2026 - 15:00 euvd
EUVD-2026-19692
CVE Published
Apr 07, 2026 - 14:11 nvd
MEDIUM 5.9

Tags

Information Disclosure

Description

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N (5.9 Medium). This issue was fixed in version 4.0.260203.0 of the runZero Platform.

Analysis

Session inactivity timeouts fail to trigger in runZero Platform due to automatic page reloading, allowing authenticated administrators to maintain unauthorized access beyond intended session expiration windows. This CWE-613 resource control vulnerability affects runZero Platform versions prior to 4.0.260203.0 and requires high-privilege authentication, with confirmed confidentiality and integrity impacts. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

30
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2026-5376 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy