Explorer CVE-2026-5383

EUVD-2026-19701 MEDIUM
Incorrect Authorization (CWE-863)
2026-04-07 runZero GHSA-542q-mcfv-688v
4.4 CVSS 3.1 (NVD)

Severity by source

NVD (primary): 4.4 MEDIUM, AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
Primary rating from NVD; the only source for this CVE.

CVSS vector (NVD): CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low

Lifecycle Timeline (4 events)

Patch available: Apr 16, 2026 - 05:29 (EUVD), version 4.0.260208.0
EUVD ID Assigned: Apr 07, 2026 - 15:00 (EUVD), EUVD-2026-19701
Analysis Generated: Apr 07, 2026 - 15:00 (vuln.today)
CVE Published: Apr 07, 2026 - 14:12 (NVD), MEDIUM 4.4

Description (CVE.org)

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4 Medium). This issue was fixed in version 4.0.260208.0 of the runZero Explorer.

Analysis (AI)

runZero Explorer versions prior to 4.0.260208.0 allow high-privileged authenticated users to access Explorer groups outside their authorized organization scope, enabling unauthorized cross-organizational information disclosure and potential service disruption. The vulnerability stems from incorrect authorization controls (CWE-863); exploitation requires administrator-level credentials and has high attack complexity. …


Vulnerability Assessment (AI)

Risk Assessment: This vulnerability presents limited real-world risk despite its direct impact. …

Exploit Scenario: A runZero administrator in Organization A could potentially enumerate or modify Explorer groups belonging to Organization B within the same runZero instance, assuming the instance supports multi-organization isolation and the administrator has detailed knowledge of the target organization's group identifiers. The high attack complexity rating suggests this would require understanding internal API structures or group naming conventions; however, once an administrator has authenticated, the authorization flaw could enable unauthorized cross-organizational access without any further user interaction.

Remediation: Upgrade runZero Explorer to version 4.0.260208.0 or later, which includes the authorization scope validation fix. …
