What is the CVSS score of CVE-2026-5384?

CVE-2026-5384 has a CVSS 3.1 base score of 5.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-5384?

Yes, a patch is available for CVE-2026-5384. Update the affected software to the latest version immediately.

Platform CVE-2026-5384

EUVD-2026-19703 MEDIUM

Incorrect Authorization (CWE-863)

2026-04-07 runZero

GHSA-fj9r-v5j5-9xf4

Authentication Bypass Platform

5.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.8 MEDIUM

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

4.0.26021.0

EUVD ID Assigned

Apr 07, 2026 - 15:00 euvd

EUVD-2026-19703

Analysis Generated

Apr 07, 2026 - 15:00 vuln.today

CVE Published

Apr 07, 2026 - 14:12 nvd

MEDIUM 5.8

DescriptionCVE.org

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N (5.8 Medium). This issue was fixed in version 4.0.26021.0 of the runZero Platform.

AnalysisAI

Credential scope bypass in runZero Platform allows high-privileged administrators to update credentials and apply them to tasks outside their authorized organization scope, resulting in unauthorized information disclosure. The vulnerability affects runZero Platform versions prior to 4.0.26021.0 and requires administrative privileges to exploit. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS vector (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N) reflects a 5.8 Medium severity despite confidentiality impact because exploitation requires high privileges (PR:H), high attack complexity (AC:H), and no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An administrator with high privileges but legitimately scoped to Organization A gains awareness of credentials belonging to Organization B (potentially through error messages, logs, or UI information leakage). The admin modifies or reassigns these credentials to a task under their control in Organization B, allowing them to execute reconnaissance or lateral movement within the cross-organization scope. …
Remediation	Upgrade runZero Platform to version 4.0.26021.0 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-5384 vulnerability details – vuln.today

Back

Platform CVE-2026-5384

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code