CVE-2026-8482
Received
Received - Intake
Possible Secret Information Leak in StormShield Network Security via CLI
Vulnerability report for CVE-2026-8482, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-02
Last updated on: 2026-07-02
Assigner: Airbus
Description
Description
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included)
There is a possible leak of secret information if administration commands have been passed with the CLI command line tool.
Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| stormshield | network_security | From 4.3.0 (inc) to 4.3.41 (inc) |
| stormshield | network_security | From 4.8.0 (inc) to 4.8.15 (inc) |
| stormshield | network_security | From 5.0.0 (inc) to 5.0.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |