CVE-2026-31984
Received
Received - Intake
Denial-of-Service via Unbounded Audit Logging in Nozomi Networks Product
Vulnerability report for CVE-2026-31984, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-09
Last updated on: 2026-07-09
Assigner: Nozomi Networks Inc.
Description
Description
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into audit entries, possibly exhausting the available disk space and rendering the system inoperable.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nozomi_networks | guardian | to 26.2.0 (exc) |
| nozomi_networks | cmc | to 26.2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |