PT-2026-30837 · Unknown · Runzero Platform

Runzero

Published

2026-04-07

Updated

2026-04-08

CVE-2026-5374

CVSS v3.1

5.8

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions runZero Platform versions prior to 4.0.260202.0

Description A flaw allowed MCP agents to access remediation and asset information outside of authorized organizational boundaries. This is categorized as incorrect authorization.

Recommendations Update to version 4.0.260202.0 or later.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-5374

Affected Products

Runzero Platform

PT-2026-30837 · Unknown · Runzero Platform

CVE-2026-5374

Weakness Enumeration

Related Identifiers

Affected Products

References · 5