Description
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
Problem types
CWE-306 Missing authentication for critical function
Product status
Any version before 26.2.0
Any version before 26.2.0
Credits
This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.
References
security.nozominetworks.com/NN-2026:10-01