NN-2026:9-01

Open Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0

Last update: 2026-07-07

Advisory IDNN-2026:9-01
TopicOpen Redirect in SAML Single Sign-On in Guardian/CMC before 26.2.0
CWE ImpactCWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Issue date2026-07-07
AffectsGuardian, CMC < v26.2.0
CVE Name(s)CVE-2026-31982
CVSS DetailsCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CVSS Score5.3 (CVSS v4.0)
7.1 (CVSS v3.1)
CVE Risk LevelMedium (CVSS v4.0)
High (CVSS v3.1)
Risk Level for Nozomi customersMedium

Summary

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter.

Impact

An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.

Affected Products

Guardian, CMC < v26.2.0

Workarounds and Mitigations

Use internal firewall features to limit access to the web management interface.

Solutions

Upgrade to v26.2.0 or later.

Modification History

2026-07-07: Initial revision

Related Links

Acknowledgements

We thank the following parties for their efforts:

  • Andrea Palanca of Nozomi Networks Product Security team for finding this issue during an internal investigation

Contact

Nozomi Networks Product Security team can be reached at prodsec@nozominetworks.com.
More contact details on the PSIRT page.