A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)
A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://advisories.stormshield.eu/2026-002/ |
|
History
Wed, 01 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Stormshield
Stormshield stormshield Network Security |
|
| Vendors & Products |
Stormshield
Stormshield stormshield Network Security |
Wed, 01 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. | |
| Title | Connection possible to the Administration portal with a revoked certificate | |
| Weaknesses | CWE-295 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: airbus
Published:
Updated: 2026-07-01T15:45:32.124Z
Reserved: 2026-05-13T13:48:21.232Z
Link: CVE-2026-8480
Updated: 2026-07-01T15:45:27.327Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-02T01:00:12Z