PT-2026-54932 · Stormshield · Stormshield Network Security

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-8480

CVSS v3.1

4.3

Medium

VectorAV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Stormshield Network Security versions 4.3.0 through 4.3.41 Stormshield Network Security versions 4.4.0 through 4.8.15 Stormshield Network Security versions 5.0.2 EA through 5.0.5
Description A flaw exists in the captive-admin portal that allows authentication using a revoked client certificate. An attacker possessing such a certificate can bypass security checks to gain administrative access to the system.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-8480

Affected Products

Stormshield Network Security