CVE-2026-31983

Summary

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

Affected Software

VendorProductVersion RangeStatus
Nozomi NetworksGuardian0 < 26.2.0affected
Nozomi NetworksCMC0 < 26.2.0affected

Weaknesses

  • CWE-306: CWE-306 Missing authentication for critical function

Workarounds

Use internal firewall features to limit access to the web management interface.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References