Impact
An issue in the runZero Platform permitted administrators to create or modify users beyond their authorized organization scope. Because the user management path lacked appropriate authorization checks, new accounts could be created, or existing ones altered, in organizations the acting administrator was not entitled to manage, potentially granting attackers or rogue administrators access to sensitive data within other organizations. The flaw is classified as CWE‑863 (Incorrect Authorization). The estimated CVSS score of 5.8 indicates medium severity: the vulnerability does not directly compromise confidentiality or availability, but it can elevate the attacker's privileges to a level that may expose internal resources.
Affected Systems
The vulnerability applies to the runZero Platform, specifically affecting instances that rely on its user management module. The issue exists in all versions prior to 4.0.260203.0 and was explicitly fixed in that release. Users of earlier Platform versions are at risk unless they upgrade the software.
Risk and Exploitability
The medium CVSS score reflects that administrative access is required to exploit the flaw. No public exploit details are documented and no EPSS score is provided. The vulnerability is not listed in the CISA KEV catalog, so there is no known record of large‑scale exploitation. Nevertheless, any user who already holds administrative privileges can use the authorization bypass to create or update users outside their designated scope. The impact is limited to breaking the isolation boundaries between organizational accounts rather than full system control or a data breach.
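The class of defect described above, as an added illustration that is not runZero code: a simplified user management model in which the vulnerable create path trusts the organization ID in the request, while the hardened create and update paths verify that both the target account's current organization and any requested new organization fall within the acting administrator's scope (`Admin`, `User` and `org_scope` are assumed names for this model; denied attempts are recorded so they can be surfaced to audit logging).

```python
"""Illustrative org-scoped authorization for user management (not runZero's code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Admin:
    name: str
    org_scope: FrozenSet[str]  # organization IDs this admin may manage (assumed model)


@dataclass
class User:
    email: str
    org_id: str
    role: str = "user"


class NotAuthorized(Exception):
    pass


# Denied attempts are kept here so a real service could emit them to its audit log:
# an admin repeatedly targeting organizations outside their scope is a detection signal.
DENIED: List[str] = []


def _require_scope(admin: Admin, org_id: str) -> None:
    """Reject any operation whose target organization is outside the admin's scope."""
    if org_id not in admin.org_scope:
        DENIED.append(f"{admin.name} denied for org {org_id}")
        raise NotAuthorized(f"{admin.name} is not scoped to organization {org_id}")


def create_user_vulnerable(admin: Admin, users: Dict[str, User], email: str, org_id: str) -> User:
    """Missing check (CWE-863): the request's org_id is honored without consulting admin.org_scope."""
    users[email] = User(email, org_id)
    return users[email]


def create_user(admin: Admin, users: Dict[str, User], email: str, org_id: str) -> User:
    """Hardened: the new account's organization must be inside the admin's scope."""
    _require_scope(admin, org_id)
    users[email] = User(email, org_id)
    return users[email]


def update_user(admin: Admin, users: Dict[str, User], email: str,
                org_id: Optional[str] = None, role: Optional[str] = None) -> User:
    """Hardened: check the account's current org AND any org it is being moved into."""
    target = users[email]
    _require_scope(admin, target.org_id)   # may this admin touch the account at all?
    if org_id is not None:
        _require_scope(admin, org_id)      # may this admin place accounts in that org?
        target.org_id = org_id
    if role is not None:
        target.role = role
    return target


def denied(fn, *args, **kwargs) -> bool:
    """True when the call is refused by the authorization check."""
    try:
        fn(*args, **kwargs)
    except NotAuthorized:
        return True
    return False
```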
OpenCVE Enrichment