CVE-2026-8480 MEDIUM

CVE-2026-8480: Connection possible to the Administration portal with a revoked certificate

Vendor: Stormshield
Product: Stormshield Network Security
Weakness: CWE-295
Published: July 1, 2026
Last update: July 1, 2026

CVSS base score

4.3/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability was discovered in Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included), and 5.0.2 EA to 5.0.5 (included). A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

Key dates

02 Disclosure timeline

July 1, 2026: CVE published