Platform: other
Component: runzero-platform
Fixed in: 4.0.260202.0
CVE-2026-5373 describes a Privilege Escalation vulnerability within the runZero Platform. This flaw allows all-organization administrators to improperly promote accounts to superuser status, bypassing intended access controls. The vulnerability impacts versions from 0.0.0 through 4.0.260202.0 and has been resolved in version 4.0.260202.0.
The primary impact of CVE-2026-5373 is the potential for unauthorized access and control within the runZero Platform. An attacker holding an all-organization administrator account could exploit this vulnerability to elevate any account to superuser privileges. This grants them complete control over the platform, including the ability to modify configurations, access sensitive data, and potentially compromise other systems integrated with runZero. The blast radius extends to any data or systems managed through the runZero platform, making this a significant security concern.
CVE-2026-5373 was publicly disclosed on 2026-04-07. As of this writing, there are no publicly available proof-of-concept exploits. The vulnerability is not currently listed on CISA KEV. The EPSS score is pending evaluation, but the HIGH CVSS score suggests a potential for exploitation if a suitable exploit is developed and becomes publicly available.
Exploit Status
EPSS: 0.03% (8th percentile)
CISA SSVC:
CVSS Vector:
The recommended mitigation for CVE-2026-5373 is to immediately upgrade the runZero Platform to version 4.0.260202.0 or later, which contains the fix. If an immediate upgrade is not feasible, carefully review all administrator accounts and their permissions. Implement multi-factor authentication (MFA) for all administrator accounts to add an extra layer of security. Monitor administrator activity logs for any suspicious behavior, particularly account promotions. After upgrading, confirm the fix by verifying that standard user accounts cannot be promoted to superuser status through the administrative interface.
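One way to act on the "monitor administrator activity logs for account promotions" step above, as an added example that is not runZero code: flag every role change to superuser that was performed by an actor who is not already a superuser, which is exactly the pattern the advisory describes. The JSON-lines audit format, field names and sample events below are constructed assumptions, not runZero's real audit log schema.

```python
"""Flag superuser promotions performed by non-superuser actors.

Added example for the monitoring step in the mitigation; NOT runZero code.
The event schema (actor_role / action / target / new_role) is an assumption
chosen for illustration, not runZero's actual audit log format.
"""
import json

# Constructed sample audit events (assumed schema). The second line is the
# abuse pattern described for CVE-2026-5373: an all-organization admin
# setting another account's role to superuser.
SAMPLE_LOG = """\
{"ts":"2026-04-07T10:00:00Z","actor":"alice","actor_role":"superuser","action":"user.role.update","target":"bob","old_role":"user","new_role":"admin"}
{"ts":"2026-04-07T10:05:00Z","actor":"carol","actor_role":"all_org_admin","action":"user.role.update","target":"dave","old_role":"user","new_role":"superuser"}
{"ts":"2026-04-07T10:06:00Z","actor":"carol","actor_role":"all_org_admin","action":"user.login","target":"carol"}
{"ts":"2026-04-07T10:07:00Z","actor":"alice","actor_role":"superuser","action":"user.role.update","target":"erin","old_role":"admin","new_role":"superuser"}
"""


def find_suspicious_promotions(log_text):
    """Return role-update events where a non-superuser actor set a target's
    role to superuser. On a pre-fix version these are candidate abuses of
    CVE-2026-5373; on a fixed version they should not occur at all."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            # A monitor should skip malformed lines rather than stop.
            continue
        if ev.get("action") != "user.role.update":
            continue
        if ev.get("new_role") == "superuser" and ev.get("actor_role") != "superuser":
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_suspicious_promotions(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['actor']} ({ev['actor_role']}) "
              f"promoted {ev['target']} to superuser")
```

Any hit after upgrading to a fixed version should be treated as a bug report or an incident, since the fix is meant to make such promotions impossible for all-organization administrators.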
Update the runZero Platform to version 4.0.260202.0 or later to mitigate the privilege escalation vulnerability. This update corrects an issue that allowed all-organization administrators to promote accounts to superusers, which could compromise system security.
CVE-2026-5373 is a HIGH severity vulnerability allowing all-organization administrators to promote accounts to superuser status in runZero Platform, potentially granting unauthorized access.
If you are running runZero Platform versions 0.0.0–4.0.260202.0, you are potentially affected by this vulnerability. Upgrade immediately.
Upgrade to version 4.0.260202.0 or later to remediate the vulnerability. Review administrator permissions and implement MFA.
As of now, there are no confirmed reports of active exploitation, but the HIGH CVSS score warrants vigilance.
Refer to the official runZero security advisory for detailed information and updates: [https://www.runzero.io/security/advisories](https://www.runzero.io/security/advisories)