Back to overview

CVE-2026-33390

HIGH
8.1
CVSS 3.1
Description
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability.

Metadata

CVE ID
CVE-2026-33390
State
PUBLISHED
Assigner
Nozomi
Reserved
2026-03-19 11:28 UTC
Published
2026-07-09 07:23 UTC
Last updated
2026-07-09 12:29 UTC
Primary CWE
CWE-266
CWE-266 Incorrect privilege assignment
Vendor / Product
Nozomi Networks / Guardian
Sources
cve.org  ·  NVD

Severity & Metrics

8.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (2)
VendorProductPlatformVersions
Nozomi Networks CMC 0 < 26.2.0
Nozomi Networks Guardian 0 < 26.2.0
Weakness (CWE)
CWESourceDescription
CWE-266 cna CWE-266 Incorrect privilege assignment
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.2 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview