CVE Catalog

CVE-2026-8480

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

0th percentile — higher than 0% of all known CVEs

Summary

A vulnerability in Stormshield Network Security allows authentication using a revoked client certificate on the captive-admin portal. An attacker possessing such a certificate can gain administrative access.

Risk Assessment

The risk is unauthorized administrative access by someone with a revoked certificate, potentially leading to full device compromise.

Recommendation

Immediately update Stormshield Network Security to version 4.3.42, 4.8.16 or later, which includes the fix.

Original NVD description (English source)

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS