What is the CVSS score of EUVD-2026-19636?

EUVD-2026-19636 has a CVSS 3.1 base score of 2.7 (Low). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-19636?

Yes, a patch is available for EUVD-2026-19636. Update the affected software to the latest version immediately.

Platform EUVD-2026-19636

| CVE-2026-5375 LOW

Information Exposure (CWE-200)

2026-04-07 runZero

GHSA-5fhv-ppcw-vh7h

Information Disclosure Platform

2.7

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

2.7 LOW

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

4.0.260203.0

EUVD ID Assigned

Apr 07, 2026 - 14:30 euvd

EUVD-2026-19636

Analysis Generated

Apr 07, 2026 - 14:30 vuln.today

CVE Published

Apr 07, 2026 - 14:11 nvd

LOW 2.7

DescriptionCVE.org

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N (2.7 Low). This issue was fixed in version 4.0.260203.0 of the runZero Platform.

AnalysisAI

runZero Platform API exposes sensitive credential fields to high-privilege users via unauthenticated remote requests, allowing information disclosure of confidential data. Affected versions prior to 4.0.260203.0 permit high-privilege account holders to retrieve sensitive fields through API responses that should be restricted. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 2.7 (Low severity) reflects multiple mitigating factors: the attack requires high privileges (PR:H), network attack vector is available (AV:N) but low complexity (AC:L), and the impact is limited to confidentiality (C:L) with no integrity or availability damage (I:N/A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An administrator whose credentials or API token are compromised by phishing or malware can query the runZero Platform API to retrieve stored credentials including usernames, passwords, tokens, or other sensitive authentication material that should be redacted in API responses. Alternatively, a disgruntled insider with high-privilege access can systematically export credential data from the platform to exfiltrate intellectual property or enable lateral movement to external systems that rely on the same credentials. …
Remediation	Vendor-released patch: runZero Platform 4.0.260203.0 and later. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-19636 vulnerability details – vuln.today

Back

Platform EUVD-2026-19636

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code