Missing Authentication Vulnerability in SSH Keys Synchronization for Nozomi Networks
CVE-2026-31983

6.9MEDIUM

Key Information:

Vendor
CVE Published:
9 July 2026

What is CVE-2026-31983?

A missing authentication vulnerability in the SSH keys synchronization endpoint allows unauthenticated attackers to send requests and retrieve sensitive information. Specifically, attackers can obtain a list of users who have uploaded their public SSH keys, along with their associated groups and the public keys themselves. This exposure can lead to unauthorized access and compromise user accounts, making it critical for organizations using the Nozomi Networks platform to apply security best practices and mitigate the risks associated with this vulnerability.

Affected Version(s)

CMC 0 < 26.2.0

Guardian 0 < 26.2.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.
.