CVE-2026-8480
Received
Received - Intake
Revoked Client Certificate Authentication Bypass in Stormshield Network Security
Publication date: 2026-07-01
Last updated on: 2026-07-01
Assigner: Airbus
Description
A vulnerability was discovered in Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), and 5.0.2 EA to 5.0.5 (included).
A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stormshield | network_security | From 4.3.0 (inc) to 4.3.41 (inc) |
| stormshield | network_security | From 4.4.0 (inc) to 4.8.15 (inc) |
| stormshield | network_security | From 5.0.2 (inc) to 5.0.5 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |