CVE-2026-31983
Received Received - Intake

Missing Authentication in SSH Key Sync Endpoint Exposes User Keys

Vulnerability report for CVE-2026-31983, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Nozomi Networks Inc.

Description

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nozomi_networks guardian_cmc to 26.2.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Missing Authentication flaw found in the SSH keys synchronization endpoint of Guardian/CMC software versions prior to 26.2.0.

Because of this flaw, an unauthenticated attacker can send a request to this endpoint and retrieve sensitive information such as the list of users who have uploaded their public SSH keys, their associated groups, and the public keys themselves.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information, including user identities, group memberships, and their public SSH keys.

Such information exposure can increase the risk of targeted attacks, social engineering, or further exploitation of the system.

The vulnerability is rated as Medium risk with a CVSS v4.0 score of 6.9 and v3.1 score of 5.3.

Detection Guidance

This vulnerability involves an unauthenticated request to the SSH keys synchronization endpoint that returns sensitive information such as user lists, groups, and public SSH keys.

To detect this vulnerability on your network or system, you can attempt to send an unauthenticated HTTP request to the SSH keys synchronization endpoint of the Guardian/CMC software and observe if it returns sensitive data without authentication.

A possible command to test this could be using curl to send a request to the endpoint, for example:

  • curl -v http://<target-ip-or-host>/api/ssh-keys-sync

If the response contains user lists, groups, or public SSH keys without requiring authentication, the system is vulnerable.

Mitigation Strategies

The primary mitigation step is to upgrade the Guardian/CMC software to version 26.2.0 or later, where this vulnerability has been fixed.

As a temporary measure before upgrading, restrict access to the web management interface by using internal firewall features to limit who can reach the SSH keys synchronization endpoint.

Compliance Impact

The vulnerability allows an unauthenticated attacker to obtain sensitive information such as the list of users who have uploaded their public SSH keys, their groups, and the keys themselves. This exposure of user-related data could potentially impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

However, the provided information does not explicitly mention the impact on compliance with specific standards or regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31983. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart