Description
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Solution
Upgrade to v26.2.0 or later.
Vendor Workaround
Use internal firewall features to limit access to the web management interface.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://security.nozominetworks.com/NN-2026:10-01 |
|
History
Thu, 09 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys. | |
| Title | Missing authentication in SSH keys synchronization endpoint in Guardian/CMC before 26.2.0 | |
| First Time appeared |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| Weaknesses | CWE-306 | |
| CPEs | cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2026-07-09T07:22:44.704Z
Reserved: 2026-03-10T16:14:03.266Z
Link: CVE-2026-31983
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses