🔐 CVE Alert

CVE-2026-8480

MEDIUM 4.3

Connection possible to the Administration portal with a revoked certificate

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

CWE CWE-295
Vendor stormshield
Product stormshield network security
Published Jul 1, 2026
Last Updated Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for stormshield stormshield network security

Be the first to know when new medium vulnerabilities affecting stormshield stormshield network security are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

Stormshield / Stormshield Network Security
4.3.0 ≤ 4.3.41 4.4.0 ≤ 4.8.15 5.0.2 EA ≤ 5.0.5

References

NVD ↗ CVE.org ↗ EPSS Data ↗
advisories.stormshield.eu: https://advisories.stormshield.eu/2026-002/