Description
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Published: 2026-05-19
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored HTML injection flaw in the Smart Polling feature allows an authenticated user with limited credentials to submit malicious remote strategies containing HTML tags. When other users view the affected strategy, the injected HTML renders in their browsers, creating opportunities for phishing or open‑redirect attacks. Existing input validation and the host’s Content Security Policy prevent full cross‑site scripting or direct information disclosure.

Affected Systems

Nozomi Networks CMC and Guardian products, all versions prior to 26.1.0, are vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate impact level. The exploit requires authentication but is otherwise straightforward due to the lack of advanced privilege escalation requirements. Because the vulnerability is not listed in CISA’s KEV catalog and no EPSS score is available, it is not known to be actively exploited in the wild, yet it remains a legitimate risk for exposed or internal networks where users may view synced strategies.

Generated by OpenCVE AI on May 19, 2026 at 14:35 UTC.

Remediation

Vendor Solution

Upgrade to v26.1.0 or later.

Vendor Workaround

Review all enabled sensors and disallow or delete untrusted ones.

OpenCVE Recommended Actions

  • Upgrade Nozomi Networks CMC and Guardian to version 26.1.0 or later.
  • Review all enabled sensors and disallow or delete those that are not trusted to prevent malicious remote strategy submission.
  • Ensure that the Content Security Policy and input validation for remote strategy fields remain enforced to block execution of injected HTML.

Generated by OpenCVE AI on May 19, 2026 at 14:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Nozominetworks
Nozominetworks cmc
Nozominetworks guardian
CPEs cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozominetworks
Nozominetworks cmc
Nozominetworks guardian

Tue, 19 May 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remote strategy in the Smart Polling functionality, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.
Title HTML injection in Smart Polling in Guardian/CMC before 26.1.0
First Time appeared Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
Weaknesses CWE-79
CPEs cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:*
cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:*
Vendors & Products Nozomi Networks
Nozomi Networks cmc
Nozomi Networks guardian
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L'}

Subscriptions

Nozomi Networks Cmc Guardian
Nozominetworks Cmc Guardian
cve-icon MITRE

Status: PUBLISHED

Assigner: Nozomi

Published:

Updated: 2026-05-19T13:56:35.147Z

Reserved: 2025-04-16T09:04:35.923Z

Link: CVE-2025-40904

cve-icon Vulnrichment

Updated: 2026-05-19T13:56:26.204Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-19T14:16:28.293

Modified: 2026-05-19T17:41:46.880

Link: CVE-2025-40904

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T16:00:09Z

Weaknesses