CVE-2026-31981
Received Received - Intake

Stored HTML Injection in N2OS Diagram and Graph View

Vulnerability report for CVE-2026-31981, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Nozomi Networks Inc.

Description

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple input vectors. When a victim views the affected data in the Diagram tab and Graph view, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nozominetworks guardian to 26.2.0 (exc)
nozominetworks cmc to 26.2.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-31981 is a Stored HTML Injection vulnerability found in the Diagram tab and Graph view of Nozomi Networks Guardian and CMC software versions before 26.2.0.

The vulnerability occurs because a shared input validation function is not restrictive enough, allowing an authenticated user with administrative privileges to inject malicious HTML tags into N2OS configuration data through multiple input vectors.

When other users view the affected data in the Diagram tab or Graph view, the injected HTML executes in their browsers, which can enable phishing or open redirect attacks.

However, full cross-site scripting (XSS) exploitation and direct information disclosure are prevented by existing input validation and Content Security Policy configurations.

Impact Analysis

This vulnerability can impact you by allowing an authenticated administrative user to inject malicious HTML into configuration data that other users will view.

When the injected HTML renders in the browsers of other users, it can be used to conduct phishing attacks or open redirect attacks, potentially compromising user trust and security.

Although full XSS attacks and direct information disclosure are mitigated, the medium risk remains due to the possibility of social engineering and redirection to malicious sites.

Mitigation Strategies

To mitigate the Stored HTML Injection vulnerability (CVE-2026-31981), you should upgrade the Guardian and CMC software to version 26.2.0 or later.

  • Limit access to the web management interface using internal firewall features.
  • Review administrative accounts and remove any unnecessary ones to reduce the risk of malicious input.
Compliance Impact

The vulnerability allows an authenticated administrative user to inject malicious HTML into configuration data, which can be rendered in other users' browsers, potentially enabling phishing or open redirect attacks.

Although full cross-site scripting exploitation and direct information disclosure are mitigated by existing input validation and Content Security Policy, the presence of such a vulnerability could increase the risk of phishing attacks and unauthorized redirection, which may impact compliance with security requirements in standards like GDPR and HIPAA that mandate protection against unauthorized access and data integrity.

Organizations subject to these regulations should consider this vulnerability as a medium risk that could affect their security posture and compliance, and should apply recommended mitigations such as upgrading software, restricting administrative access, and reviewing accounts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31981. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart