Skip to main content

runZero Platform CVE-2026-7778

| EUVD-2026-27331 MEDIUM
Improper Privilege Management (CWE-269)
2026-05-05 runZero
Privilege Escalation
5.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Patch available
May 05, 2026 - 15:01 EUVD
Analysis Generated
May 05, 2026 - 14:30 vuln.today

DescriptionNVD

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This issue was fixed in version v4.0.260416.0 of the runZero Platform.

AnalysisAI

Cross-organization dashboard configuration disclosure in runZero Platform allows authenticated users to view sensitive dashboard configurations outside their authorized organization scope via network requests. The vulnerability stems from improper privilege management (CWE-269) and affects versions prior to v4.0.260416.0, enabling authenticated attackers with low privileges to escalate access and view confidential configuration data across organizational boundaries.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-7778 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy