CVE-2026-8480

Summary

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)

A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

Affected Software

VendorProductVersion RangeStatus
StormshieldStormshield Network Security4.3.0 <= 4.3.41affected
StormshieldStormshield Network Security4.4.0 <= 4.8.15affected
StormshieldStormshield Network Security5.0.2 EA <= 5.0.5affected

Weaknesses

  • CWE-295: CWE-295 Improper certificate validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References