Primary

Context

runZero Platform Incorrect Credential Scope Vulnerability Allowing Unauthorized Access

Vulnerability

A vulnerability exists in the runZero Platform that could allow a credential to be updated and used for a task outside of the authorized organization scope. This issue, categorized as CWE-863: Incorrect Authorization, could enable an authenticated user to access confidential credentials from a different organization.

Impact

Exploitation of this vulnerability could lead to unauthorized access to credentials and tasks in an organization that the user does not normally have access to.

Remediation

Users can update to runZero Platform version 4.0.26021.0 to address this vulnerability.

Added: Apr 7, 2026, 5:09 PM

Updated: Apr 7, 2026, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

5.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

5.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

runZero Platform Incorrect Credential Scope Vulnerability Allowing Unauthorized Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating