Back to overview

CVE-2026-8482

MEDIUM
4.3
CVSS 3.1
Description
A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.

Metadata

CVE ID
CVE-2026-8482
State
PUBLISHED
Assigner
airbus
Reserved
2026-05-13 14:04 UTC
Published
2026-07-02 08:42 UTC
Last updated
2026-07-02 12:20 UTC
Primary CWE
CWE-532
CWE-532 Insertion of sensitive information into log file
Vendor / Product
Stormshield / Stormshield Network Security
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Stormshield Stormshield Network Security 4.3.0 ≤ 4.3.41, 4.8.0 ≤ 4.8.15, 5.0.0 ≤ 5.0.5
Weakness (CWE)
CWESourceDescription
CWE-532 cna CWE-532 Insertion of sensitive information into log file
CVSS scores (1)
ScoreSeverityVersionSourceVector
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Back to overview