CVE-2026-5373 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: April 7, 2026
runZero Platform - Privilege Escalation
Overview
runZero Platform < 4.0.260202.0 contains an improper privilege management vulnerability caused by all-organization administrators being able to promote accounts to superuser status, letting privileged attackers escalate privileges, exploit requires administrator privileges and user interaction.
Severity & Score
Impact
Privileged administrators can escalate accounts to superuser, leading to full system control and data compromise.
Mitigation
Update to version 4.0.260202.0 or later.
References
Social Media Activity(2 posts)
š CVE-2026-5373 - High (8.1) An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H... š https://www.thehackerwire.com/vulnerability/CVE-2026-5373/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-5373 - High (8.1) An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H... š https://www.thehackerwire.com/vulnerability/CVE-2026-5373/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-5373
- Severity
- High
- CVSS Score
- 8.1
- Type
- broken_access_control
- Status
- new
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-269
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N