runZero Platform MCP Endpoint Information Leak Vulnerability

Vulnerability

A vulnerability in the runZero Platform's MCP endpoints could have allowed authorized users to access records from organizations outside their own scope. This issue, categorized as CWE-863: Incorrect Authorization, has been resolved in version 4.0.260206.0.

Impact

Exploitation of this vulnerability could have led to unauthorized access to confidential asset information, potentially allowing for targeted attacks against the affected organization.

Remediation

Users can update to runZero Platform version 4.0.260206.0 to address this vulnerability.

Added: Apr 7, 2026, 5:13 PM
Updated: Apr 7, 2026, 5:13 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.