Skip to main content

Nozomi Guardian CVE-2026-33390

| EUVDEUVD-2026-42536 HIGH
Incorrect Privilege Assignment (CWE-266)
2026-07-09 Nozomi GHSA-w68v-42v6-6q7h
7.2
CVSS 4.0 · Vendor: Nozomi
Share

Severity by source

Vendor (Nozomi) PRIMARY
7.2 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Network-reachable sync abusable by an authenticated limited user (PR:L, AC:L) with no confidentiality impact but full config-integrity and availability loss on the device.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Nozomi).

CVSS VectorVendor: Nozomi

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 09, 2026 - 09:02 EUVD
Analysis Generated
Jul 09, 2026 - 08:36 vuln.today

DescriptionCVE.org

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability.

AnalysisAI

Privilege escalation via configuration synchronization in Nozomi Networks Guardian and Central Management Console (CMC) lets an authenticated low-privilege user push administrative CLI commands to managed Arc sensors, because those sensors incorrectly inherit CLI permissions during sync. Successful abuse alters device configuration and can degrade or disable sensor availability, undermining OT/ICS monitoring integrity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as limited-privilege user
Delivery
Access sync/management interface
Exploit
Craft administrative CLI commands
Execution
Push commands to Arc sensors via sync
Impact
Alter configuration or disable sensor availability

Vulnerability AssessmentAI

Exploitation Requires an authenticated account with limited privileges on a Nozomi Guardian/CMC deployment (PR:L) plus network access to the management/synchronization interface (AV:N); no user interaction and no non-default feature toggle is described - the flaw resides in the standard sync-to-Arc-sensor configuration path, and the specific prerequisite is that the account can invoke the synchronization functionality that pushes config to Arc sensors. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H, base 7.2) indicates a network-reachable attack requiring only low privilege, no user interaction, and no special attack requirements, with high integrity and availability impact but no confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds a legitimate limited-privilege account on a Guardian/CMC deployment authenticates over the network and crafts administrative CLI commands, then triggers the synchronization function to push them to one or more Arc sensors. Because the sensors incorrectly accept CLI permissions from the sync, the commands execute administratively, letting the attacker rewrite sensor configuration or knock the sensor offline. …
Remediation Apply the fix described in Nozomi Networks advisory NN-2026:13-01 (https://security.nozominetworks.com/NN-2026:13-01); an exact patched version is not included in the provided data, so obtain the fixed build directly from that advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: restrict Guardian and CMC administrative console access to essential personnel and audit current user permission assignments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2020-7049 HIGH POC
7.3 Jun 30

Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection. Rated high severity (CVSS 7

CVE-2020-15307 MEDIUM POC
6.1 Jun 30

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to

CVE-2023-29245 CRITICAL
9.2 Sep 19

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields us

CVE-2026-31984 HIGH
8.7 Jul 09

Disk-exhaustion denial of service in Nozomi Networks Guardian and Central Management Console (CMC) lets a remote, unauth

CVE-2026-39911 HIGH
8.7 Apr 09

Authenticated Standard Registry users can execute arbitrary Node.js code in Hashgraph Guardian ≤3.5.0 through unsandboxe

CVE-2023-2567 HIGH
8.7 Sep 19

A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in ce

CVE-2023-23574 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_

CVE-2023-22378 HIGH
8.7 Aug 09

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting

CVE-2022-0551 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticat

CVE-2022-0550 HIGH
8.6 Mar 24

Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an auth

CVE-2021-26725 HIGH
8.6 Feb 22

Path Traversal vulnerability when changing timezone using web GUI of Nozomi Networks Guardian, CMC allows an authenticat

CVE-2021-26724 HIGH
8.6 Feb 22

OS Command Injection vulnerability when changing date settings or hostname using web GUI of Nozomi Networks Guardian and

Share

CVE-2026-33390 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy