CVE-2026-8482 MEDIUM

CVE-2026-8482: Information leak in NSRPC client history

Vendor Stormshield
Product Stormshield Network Security
Weakness CWE-532 · Sensitive info in logs
Published July 2, 2026
Last update July 2, 2026

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 (included), 4.8.0 to 4.8.15 (included) , 5.0.0 to 5.0.5 (included) There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the firewall (if SSH multiuser mode is enabled) could possibly get the proxy CA passphrase or TPM password.

Key dates

02Disclosure timeline

July 2, 2026 CVE published