Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible unauthenticated endpoint with no special conditions; only limited confidentiality impact applies as no private keys, passwords, or session data are exposed.
Primary rating from Vendor (Nozomi).
CVSS VectorVendor: Nozomi
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
AnalysisAI
Unauthenticated access to the SSH keys synchronization endpoint in Nozomi Networks Guardian and CMC exposes user enumeration data and SSH public keys to any network-reachable attacker. By sending a single unauthenticated request to this endpoint, an attacker can retrieve usernames, group memberships, and uploaded SSH public keys - providing meaningful reconnaissance into the OT security platform's user base. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The CVSS 4.0 vector (PR:N/AC:L/AT:N) confirms exploitation requires no authentication, no special attack complexity, and no attack prerequisites beyond network reachability to the SSH keys synchronization endpoint on Guardian or CMC. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N) describes a trivially exploitable, zero-prerequisite network attack with limited confidentiality impact and no integrity or availability consequence - consistent with the 6.9 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network access to the Guardian or CMC management interface sends a single unauthenticated HTTP request to the SSH keys synchronization endpoint. The server returns a structured response containing usernames, group memberships, and SSH public keys for all users who have uploaded key material. … |
| Remediation | Consult the Nozomi Networks advisory at https://security.nozominetworks.com/NN-2026:10-01 and apply the vendor-released patch - exact fixed version numbers were not included in available intelligence and must be confirmed from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7
Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to
A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us
Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth
Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth
Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat
OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42533
GHSA-jmhq-wjwf-9x96