runZero Explorer Incorrect Authorization Vulnerability Allowing Unauthorized Access to Explorer Groups
Vulnerability
A vulnerability in runZero Explorer could allow access to Explorer groups from outside the authorized organization scope. This issue, related to incorrect authorization, was identified during a routine code security review and has an estimated CVSS score of 4.4 (Medium). The vulnerability was present in versions prior to 4.0.260208.0.
Impact
Exploitation of this vulnerability could lead to unauthorized access to runZero Explorers associated with the targeted organization, allowing an authenticated user to disable Explorers and create blind spots in routine assessments.
Remediation
Users can update to runZero Explorer version 4.0.260208.0 or later to address this vulnerability.
