EUVD-2026-19632

| CVE-2026-5372 MEDIUM

2026-04-07 runZero

6.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 07, 2026 - 14:30 vuln.today

EUVD ID Assigned

Apr 07, 2026 - 14:30 euvd

EUVD-2026-19632

CVE Published

Apr 07, 2026 - 14:10 nvd

MEDIUM 6.4

Description

An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.

Analysis

SQL injection in runZero Platform versions 4.0.260123.0 through 4.0.260123.0 allows authenticated high-privileged users to execute arbitrary SQL commands via improperly sanitized saved query parameters, potentially leading to unauthorized data access, modification, or deletion. The vulnerability requires high privileges, user interaction, and non-standard attack complexity, resulting in a CVSS 6.4 medium severity rating. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +32

POC: 0

EUVD-2026-19632 vulnerability details – vuln.today

Back

EUVD-2026-19632

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19632

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code