| Advisory ID | NN-2026:9-01 |
|---|---|
| Topic | Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0 |
| CWE Impact | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| Issue date | 2026-07-07 |
| Affects | Guardian, CMC < v26.2.0 |
| CVE Name(s) | CVE-2026-31982 |
| CVSS Details | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
| CVSS Score | 5.3 (CVSS v4.0) 7.1 (CVSS v3.1) |
| CVE Risk Level | Medium (CVSS v4.0) High (CVSS v3.1) |
| Risk Level for Nozomi customers | Medium |
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter.
An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.
Guardian, CMC < v26.2.0
Use internal firewall features to limit access to the web management interface.
Upgrade to v26.2.0 or later.
We thank the following parties for their efforts: