Runzero Runzero Platform — known CVE vulnerabilities
Every CVE whose affected-product data names Runzero Runzero Platform, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2026-5373 — CVSS 8.1 (high): An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of…
CVE-2026-5372 — CVSS 6.4 (medium): An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of…
CVE-2026-5376 — CVSS 5.9 (medium): An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an…
CVE-2026-5384 — CVSS 5.8 (medium): An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been…
CVE-2026-5374 — CVSS 5.8 (medium): An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been…
CVE-2026-5378 — CVSS 5.8 (medium): An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is…
CVE-2026-5380 — CVSS 5.3 (medium): An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved…
CVE-2026-5383 — CVSS 4.4 (medium): An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an…
CVE-2026-5379 — CVSS 3.0 (low): An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved…
CVE-2026-5382 — CVSS 3.0 (low): An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an…
CVE-2026-5375 — CVSS 2.7 (low): An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an…
CVE-2026-5381 — CVSS 2.2 (low): An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863…