A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to v26.2.0 or later.
Workaround
Use internal firewall features to limit access to the web management interface.
References
| Link | Providers |
|---|---|
| https://security.nozominetworks.com/NN-2026:10-01 |
|
History
Thu, 09 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys. | |
| Title | Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0 | |
| First Time appeared |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| Weaknesses | CWE-306 | |
| CPEs | cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2026-07-09T07:22:44.704Z
Reserved: 2026-03-10T16:14:03.266Z
Link: CVE-2026-31983
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses