← volver
CVE-2026-5383

runZero Explorer missing authorization check

CVSS 4.4 MEDIUMEPSS 0.2%CWE-863
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
07 abr 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L (4.4 Medium). This issue was fixed in version 4.0.260208.0 of the runZero Explorer.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L
Productos afectados
runZero · Explorer

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://help.runzero.com/docs/release-notes/#402602080https://www.runzero.com/advisories/runzero-explorer-cve-2026-5383/