Skip to main content

Nozomi Guardian CVE-2026-31983

| EUVDEUVD-2026-42533 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-07-09 Nozomi GHSA-jmhq-wjwf-9x96
6.9
CVSS 4.0 · Vendor: Nozomi
Share

Severity by source

Vendor (Nozomi) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Network-accessible unauthenticated endpoint with no special conditions; only limited confidentiality impact applies as no private keys, passwords, or session data are exposed.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Nozomi).

CVSS VectorVendor: Nozomi

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 09:02 EUVD
Analysis Generated
Jul 09, 2026 - 08:55 vuln.today

DescriptionCVE.org

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

AnalysisAI

Unauthenticated access to the SSH keys synchronization endpoint in Nozomi Networks Guardian and CMC exposes user enumeration data and SSH public keys to any network-reachable attacker. By sending a single unauthenticated request to this endpoint, an attacker can retrieve usernames, group memberships, and uploaded SSH public keys - providing meaningful reconnaissance into the OT security platform's user base. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Guardian or CMC management interface on network
Delivery
Send unauthenticated HTTP request to SSH sync endpoint
Exploit
Receive user list with group memberships and public keys
Execution
Map OT security platform user base
Impact
Conduct targeted phishing or credential attacks against identified users

Vulnerability AssessmentAI

Exploitation The CVSS 4.0 vector (PR:N/AC:L/AT:N) confirms exploitation requires no authentication, no special attack complexity, and no attack prerequisites beyond network reachability to the SSH keys synchronization endpoint on Guardian or CMC. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N) describes a trivially exploitable, zero-prerequisite network attack with limited confidentiality impact and no integrity or availability consequence - consistent with the 6.9 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the Guardian or CMC management interface sends a single unauthenticated HTTP request to the SSH keys synchronization endpoint. The server returns a structured response containing usernames, group memberships, and SSH public keys for all users who have uploaded key material. …
Remediation Consult the Nozomi Networks advisory at https://security.nozominetworks.com/NN-2026:10-01 and apply the vendor-released patch - exact fixed version numbers were not included in available intelligence and must be confirmed from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2020-7049 HIGH POC
7.3 Jun 30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7

CVE-2020-15307 MEDIUM POC
6.1 Jun 30

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to

CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2026-39911 HIGH
8.7 Apr 09

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2021-26725 HIGH
8.6 Feb 22

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat

CVE-2021-26724 HIGH
8.6 Feb 22

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and

Share

CVE-2026-31983 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy