CVE-2026-31982
Received Received - Intake

Open Redirect in SAML Single Sign-On Functionality

Vulnerability report for CVE-2026-31982, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Nozomi Networks Inc.

Description

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
nozominetworks guardian to 26.2.0 (exc)
nozominetworks cmc to 26.2.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-31982 is an Open Redirect vulnerability found in the SAML Single Sign-On functionality of Guardian and CMC software versions before 26.2.0.

The vulnerability occurs because the software does not properly validate a user-controlled redirection parameter. This allows an unauthenticated attacker to craft a malicious request to the SAML sign-in endpoint.

By exploiting this, the attacker can poison the cached SAML redirection for other users who later initiate SAML Single Sign-On.

This can lead to phishing and credential-theft attacks, as well as disruption of SAML authentication for all affected users.

Impact Analysis

This vulnerability can impact you by enabling attackers to perform phishing and credential-theft attacks against users of the affected software.

Additionally, it can disrupt the SAML authentication process for all users relying on the affected SAML Single Sign-On functionality.

Such disruptions and attacks can compromise user credentials and reduce the overall security and availability of the authentication system.

Mitigation Strategies

To mitigate the Open Redirect vulnerability in the SAML Single Sign-On functionality, users are advised to upgrade the Guardian and CMC software to version 26.2.0 or later.

Alternatively, internal firewall features can be used to restrict access to the web management interface, reducing the risk of exploitation.

Compliance Impact

The vulnerability allows an unauthenticated attacker to poison cached SAML redirections, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for users.

Such security weaknesses can potentially lead to unauthorized access to sensitive user data and compromise authentication mechanisms, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and health information.

However, the provided information does not explicitly describe the direct effects on compliance with these standards or any regulatory implications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31982. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart