{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5372", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "state": "PUBLISHED", "assignerShortName": "runZero", "dateReserved": "2026-04-01T19:51:10.741Z", "datePublished": "2026-04-07T14:10:08.773Z", "dateUpdated": "2026-04-07T14:50:25.766Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:10:08.773Z"}, "title": "runZero Platform SQL injection in saved queries", "datePublic": "2026-04-07T14:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')", "type": "CWE"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "4.0.260123.0", "lessThan": "4.0.260123.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.<br>"}]}], "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602020", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-saved-sqli-cve-2026-5372/", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "This issue was fixed in version\u00a04.0.260123.1 of the runZero Platform", "supportingMedia": [{"type": "text/html", "base64": false, "value": "This issue was fixed in version&nbsp;4.0.260123.1 of the runZero Platform"}]}], "credits": [{"lang": "en", "value": "runZero", "type": "finder"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:31:58.179989Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:50:25.766Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5372", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T14:31:58.179989Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T14:44:19.479Z"}}], "cna": {"title": "runZero Platform SQL injection in saved queries", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "runZero"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "runZero", "product": "Platform", "versions": [{"status": "affected", "version": "4.0.260123.0", "lessThan": "4.0.260123.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This issue was fixed in version\u00a04.0.260123.1 of the runZero Platform", "supportingMedia": [{"type": "text/html", "value": "This issue was fixed in version&nbsp;4.0.260123.1 of the runZero Platform", "base64": false}]}], "datePublic": "2026-04-07T14:00:00.000Z", "references": [{"url": "https://help.runzero.com/docs/release-notes/#402602020", "tags": ["release-notes"]}, {"url": "https://www.runzero.com/advisories/runzero-platform-saved-sqli-cve-2026-5372/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.", "supportingMedia": [{"type": "text/html", "value": "An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection')"}]}], "providerMetadata": {"orgId": "44488dab-36db-4358-99f9-bc116477f914", "shortName": "runZero", "dateUpdated": "2026-04-07T14:10:08.773Z"}}}, "cveMetadata": {"cveId": "CVE-2026-5372", "state": "PUBLISHED", "dateUpdated": "2026-04-07T14:50:25.766Z", "dateReserved": "2026-04-01T19:51:10.741Z", "assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914", "datePublished": "2026-04-07T14:10:08.773Z", "assignerShortName": "runZero"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H (6.4 Medium). This issue was fixed in version 4.0.260123.1 of the runZero Platform."}], "id": "CVE-2026-5372", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}, "published": "2026-04-07T15:17:46.973", "references": [{"source": "44488dab-36db-4358-99f9-bc116477f914", "url": "https://help.runzero.com/docs/release-notes/#402602020"}, {"source": "44488dab-36db-4358-99f9-bc116477f914", "url": "https://www.runzero.com/advisories/runzero-platform-saved-sqli-cve-2026-5372/"}], "sourceIdentifier": "44488dab-36db-4358-99f9-bc116477f914", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "44488dab-36db-4358-99f9-bc116477f914", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[4.0.260123.0,4.0.260123.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Platform", "source": "cna", "vendor": "runZero"}, "product": "platform", "vendor": "runzero"}], "analysis": {"en": {"generated_at": "2026-04-07T21:05:24.836150+00:00", "value": {"mitigation_remediation": ["Update runZero Platform to version 4.0.260123.1 or later"], "summary": {"action": "Patch Immediately", "impact": "Data confidentiality, integrity, and availability compromise"}, "threat_synthesis": {"affected_systems": "The affected product is runZero Platform. Versions prior to 4.0.260123.1 contain the vulnerability; the issue was addressed and fixed in release 4.0.260123.1. Users running the earlier build, particularly 4.0.260123.0, must upgrade to the patched version to eliminate the risk.", "description_and_impact": "An SQL injection flaw exists in runZero Platform\u2019s saved queries feature, first appearing in release 4.0.260123.0. The vulnerability allows an attacker to inject arbitrary SQL commands through manipulated query parameters. As a result, the attacker could read, modify, or delete records in the platform\u2019s database, directly impacting confidentiality, integrity, and availability of the stored data. This weakness maps to CWE\u201189 and carries a CVSS v3.1 score of 6.4, indicating medium severity.", "risk_and_exploitability": "The medium CVSS score reflects a reasonable risk level, but the lack of EPSS data or KEV listing suggests exploitation may not be widespread yet. The likely attack vector requires authenticated access that permits creation or editing of saved queries\u2014typically through the web UI or API. When an attacker supplies a crafted query, the unsanitized input is executed against the database, potentially exposing or tampering with sensitive information."}}}}, "created": "2026-04-08T19:37:49.963678+00:00", "updated": "2026-04-08T19:49:21.514805+00:00", "vendors": ["runzero", "runzero$PRODUCT$platform"]}