An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to v26.2.0 or later.
Workaround
Review all enabled sensors and disallow or delete untrusted ones.
References
| Link | Providers |
|---|---|
| https://security.nozominetworks.com/NN-2026:13-01 |
|
History
Thu, 09 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability. | |
| Title | Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0 | |
| First Time appeared |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| Weaknesses | CWE-266 | |
| CPEs | cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2026-07-09T07:23:30.236Z
Reserved: 2026-03-19T11:28:43.172Z
Link: CVE-2026-33390
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses