runZero Platform dashboard configuration exposure

CVE	CVE-2026-7778
State	PUBLISHED
Assigner	runZero
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-05 14:16:09 UTC
Updated	2026-05-07 15:12:06 UTC
Description	An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This issue was fixed in version v4.0.260416.0 of the runZero Platform.

Primary CVSS: v3.1 5 MEDIUM from 44488dab-36db-4358-99f9-bc116477f914

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS: 0.000280000 probability, percentile 0.081200000 (date 2026-05-12)

Problem Types: CWE-269 | CWE-269 CWE-269 Improper Privilege Management

Version	Source	Type	Score	Severity	Vector
3.1	44488dab-36db-4358-99f9-bc116477f914	Secondary	5	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N`
3.1	CNA	CVSS	5	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Source	Vendor	Product	Version	Platforms
CNA	RunZero	Platform	affected 4.0.260416.0 semver	Not specified

Reference	Source	Link	Tags
www.runzero.com/advisories/runzero-platform-dashboard-configuration-exposure-...	44488dab-36db-4358-99f9-bc116477f914	www.runzero.com
help.runzero.com/docs/release-notes	44488dab-36db-4358-99f9-bc116477f914	help.runzero.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: runZero (en)

CNA: Tod Beardsley of runZero (en)

There are currently no legacy QID mappings associated with this CVE.