CVE-2026-5373 · HIGH 8.4 · EPSS p12.4%

Description

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N (8.1 High). This issue was fixed in version 4.0.260202.0 of the runZero Platform.

Scoring

CVSS 3.1: 8.4 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.22% probability of exploitation · percentile 12.4% · 2026-06-18T12:00:27Z
Published: 2026-04-07
Last modified: 2026-04-21

Underlying weaknesses · 1

CWE-269

References

  1. https://help.runzero.com/docs/release-notes/#402602020
  2. https://www.runzero.com/advisories/runzero-platform-su-privesc-cve-2026-5373/

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Weakness | Improper Privilege Management (cwe-269) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-6356
  2. CVE-2026-3999
  3. CVE-2026-8046
  4. CVE-2026-22337
  5. CVE-2026-23595
  6. CVE-2025-8660

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.