CVE-2026-5373
HIGH WAF: Low
CVSS 8.4
Published: 2026-04-07
CWE-269
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| runzero | runzero_platform | up to 4.0.260202.0 |
References
- help.runzero.com (Release Notes)
- www.runzero.com (Vendor Advisory)