Description
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Published: 2026-05-19
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored HTML injection flaw exists in the Credentials Manager of Nozomi Networks CMC and Guardian. An authenticated administrator can embed malicious HTML tags into an identity record. When a user attempts to delete that identity, the injected markup renders in the victim’s browser, enabling phishing or open redirect attacks while full script execution and direct data theft are blocked by existing input validation and a Content Security Policy.

Affected Systems

The vulnerability affects Nozomi Networks CMC and Guardian versions prior to 26.1.0. Any deployment using 26.0 or earlier is susceptible until upgraded.

Risk and Exploitability

The CVSS score of 4.8 reflects moderate severity; the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated administrator with access to the web management interface, which is typically an internal network function. Once an attacker creates a malicious identity, any user who deletes that identity will be exposed to the injected content. The overall risk is moderate, but it remains a concern for organizations that rely on native client or browser-based authentication flows.

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Remediation

Vendor Solution

Upgrade to v26.1.0 or later.

Vendor Workaround

Use internal firewall features to limit access to the web management interface.

OpenCVE Recommended Actions

  • Upgrade to version 26.1.0 or later to eliminate the flaw
  • If an upgrade is not yet possible, block external access to the web management interface using firewall rules and remove or disable all unused administrative accounts
  • Audit the Credentials Manager for stored identities containing unexpected HTML tags and delete any that appear malicious

Generated by OpenCVE AI on May 19, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected identity, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Title HTML injection in Credentials Manager in Guardian/CMC before 26.1.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-79
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Nozomi Networks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-19T14:07:41.971Z

Reserved: 2025-04-16T09:04:35.923Z

Link: CVE-2025-40901

cve-icon Vulnrichment

Updated: 2026-05-19T14:07:36.480Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-19T14:16:27.767

Modified: 2026-05-19T14:37:55.490

Link: CVE-2025-40901

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T14:45:07Z

Weaknesses