| Advisory ID | NN-2026:11-01 |
|---|---|
| Topic | DoS through oversized audit log entries in Guardian/CMC before 26.2.0 |
| CWE Impact | CWE-770: Allocation of Resources Without Limits or Throttling |
| Issue date | 2026-07-07 |
| Affects | Guardian, CMC < v26.2.0 |
| CVE Name(s) | CVE-2026-31984 |
| CVSS Details | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVSS Score | 8.7 (CVSS v4.0) 7.5 (CVSS v3.1) |
| CVE Risk Level | High (CVSS v4.0) High (CVSS v3.1) |
| Risk Level for Nozomi customers | High |
A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries.
An unauthenticated attacker can submit requests containing excessively large input that is recorded into audit entries, possibly exhausting the available disk space and rendering the system inoperable.
Guardian, CMC < v26.2.0
Use internal firewall features to limit access to the web management interface.
Upgrade to v26.2.0 or later.
We thank the following parties for their efforts: