Skip to main content

Stormshield Network Security EUVDEUVD-2026-41043

| CVE-2026-8480 MEDIUM
Improper Certificate Validation (CWE-295)
2026-07-01 airbus GHSA-2j5q-9jw8-9qj5
4.3
CVSS 3.1 · Vendor: airbus
Share

Severity by source

Vendor (airbus) PRIMARY
4.3 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
8.1 HIGH

Adjacent network required (AV:A); admin portal access implies full config read (C:H) and write (I:H); no direct availability impact described.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (airbus).

CVSS VectorVendor: airbus

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 01, 2026 - 15:51 vuln.today

DescriptionCVE.org

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)

A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

AnalysisAI

Administrative access to the Stormshield Network Security captive-admin portal is bypassed when an attacker presents a revoked client certificate, because the portal does not enforce certificate revocation checks during TLS mutual authentication. Affected versions span three branches: 4.3.0-4.3.41, 4.4.0-4.8.15, and 5.0.2 EA-5.0.5. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain revoked SNS admin client certificate
Delivery
Gain adjacent network access to captive-admin portal
Exploit
Present revoked certificate in TLS handshake
Execution
Portal skips revocation validation
Impact
Receive full administrative session

Vulnerability AssessmentAI

Exploitation Three specific prerequisites must be met: (1) the attacker must possess a client certificate that was previously issued for authentication to the SNS captive-admin portal and has since been revoked - arbitrary certificates or certificates for other systems are not usable; (2) the attacker must have adjacent network access to the captive-admin portal's listening interface (AV:A - not exploitable from the open internet unless the portal is explicitly internet-exposed, which would be atypical for a management interface); (3) the target SNS instance must be running one of the affected version branches (4.3.0-4.3.41, 4.4.0-4.8.15, or 5.0.2 EA-5.0.5) with the captive-admin portal feature active. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 3.1 score of 4.3 (Medium, AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) significantly understates real-world impact for environments using client certificate authentication for SNS administration. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A former administrator whose client certificate was revoked after offboarding connects to the internal management network segment hosting the SNS captive-admin portal. Using standard TLS client tooling (e.g., curl with the certificate and key files), they authenticate to the portal - the portal accepts the revoked certificate without checking revocation status and grants full administrative access to the firewall appliance. …
Remediation Consult the Stormshield advisory at https://advisories.stormshield.eu/2026-002/ for the vendor-released patch; the exact fixed version number is not specified in available intelligence and cannot be independently confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-37434 CRITICAL POC
9.8 Aug 05

zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header

CVE-2020-7465 CRITICAL POC
9.8 Oct 06

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet

CVE-2020-7466 HIGH POC
7.5 Oct 06

The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted PPP authentication m

CVE-2023-20032 CRITICAL
9.8 Mar 01

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p

CVE-2025-48707 HIGH
7.5 Sep 25

An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. Rated high severity (CVSS 7.5), this vulnera

CVE-2023-28616 HIGH
7.5 Dec 26

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x

CVE-2023-47091 HIGH
7.5 Dec 25

An issue was discovered in Stormshield Network Security (SNS) SNS 4.3.13 through 4.3.22 before 4.3.23, SNS 4.6.0 through

CVE-2023-26095 HIGH
7.5 Aug 28

ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analysing a cr

CVE-2022-40617 HIGH
7.5 Oct 31

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a craft

CVE-2022-27812 HIGH
7.5 Aug 24

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific for

CVE-2022-30279 HIGH
7.5 May 12

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8. Rated high severity (CVSS 7.5), this v

CVE-2022-23989 HIGH
7.5 Mar 15

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x b

Share

EUVD-2026-41043 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy