CVE Catalog

CVE-2026-8482

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

A vulnerability was discovered in StormShield Network Security versions 4.3.0 to 4.3.41, 4.8.0 to 4.8.15, and 5.0.0 to 5.0.5, allowing a possible leak of secret information when administration commands are passed via the CLI tool. An attacker with SSH access to the firewall (if SSH multiuser mode is enabled) could potentially obtain the proxy CA passphrase or TPM password.

Risk Assessment

The risk involves unauthorized access to sensitive credentials, potentially compromising the confidentiality and integrity of protected network resources.

Recommendation

It is recommended to immediately update StormShield Network Security to the latest available version and disable SSH multiuser mode if not required.

Original NVD description (English source)

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS