Back to overview

CVE-2026-31982

HIGH
7.1
CVSS 3.1
Description
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.

Metadata

CVE ID
CVE-2026-31982
State
PUBLISHED
Assigner
Nozomi
Reserved
2026-03-10 16:14 UTC
Published
2026-07-09 07:22 UTC
Last updated
2026-07-09 12:42 UTC
Primary CWE
CWE-601
CWE-601 URL redirection to untrusted site ('open redirect')
Vendor / Product
Nozomi Networks / Guardian
Sources
cve.org  ·  NVD

Severity & Metrics

7.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
Nozomi Networks CMC 0 < 26.2.0
Nozomi Networks Guardian 0 < 26.2.0
Weakness (CWE)
CWESourceDescription
CWE-601 cna CWE-601 URL redirection to untrusted site ('open redirect')
CVSS scores (2)
ScoreSeverityVersionSourceVector
7.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L
Back to overview