Missing Authentication Vulnerability in SSH Keys Synchronization for Nozomi Networks
CVE-2026-31983
6.9MEDIUM
What is CVE-2026-31983?
A missing authentication vulnerability in the SSH keys synchronization endpoint allows unauthenticated attackers to send requests and retrieve sensitive information. Specifically, attackers can obtain a list of users who have uploaded their public SSH keys, along with their associated groups and the public keys themselves. This exposure can lead to unauthorized access and compromise user accounts, making it critical for organizations using the Nozomi Networks platform to apply security best practices and mitigate the risks associated with this vulnerability.
Affected Version(s)
CMC 0 < 26.2.0
Guardian 0 < 26.2.0
References
CVSS V4
Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.
