CVE-2026-8480
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0th percentile — higher than 0% of all known CVEs
Summary
A vulnerability in Stormshield Network Security allows authentication using a revoked client certificate on the captive-admin portal. An attacker possessing such a certificate can gain administrative access.
Risk Assessment
The risk is unauthorized administrative access by someone with a revoked certificate, potentially leading to full device compromise.
Recommendation
Immediately update Stormshield Network Security to version 4.3.42, 4.8.16 or later, which includes the fix.
Original NVD description (English source)
A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

