Home

Description

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

PUBLISHED Reserved 2026-03-10 | Published 2026-07-09 | Updated 2026-07-09 | Assigner Nozomi




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-306 Missing authentication for critical function

Product status

Default status
unaffected

Any version before 26.2.0
affected

Default status
unaffected

Any version before 26.2.0
affected

Credits

This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation. finder

References

security.nozominetworks.com/NN-2026:10-01

cve.org (CVE-2026-31983)

nvd.nist.gov (CVE-2026-31983)

Download JSON