No analysis available yet.
Vendor Solution
Upgrade to v26.2.0 or later.
Vendor Workaround
Review all enabled sensors and disallow or delete untrusted ones.
Tracking
Sign in to view the affected projects.
No advisories yet.
| Link | Providers |
|---|---|
| https://security.nozominetworks.com/NN-2026:13-01 |
|
Thu, 09 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability. | |
| Title | Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0 | |
| First Time appeared |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| Weaknesses | CWE-266 | |
| CPEs | cpe:2.3:a:nozomi_networks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozomi_networks:guardian:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Nozomi Networks
Nozomi Networks cmc Nozomi Networks guardian |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Nozomi
Published:
Updated: 2026-07-09T12:29:18.009Z
Reserved: 2026-03-19T11:28:43.172Z
Link: CVE-2026-33390
Updated: 2026-07-09T12:26:10.011Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T10:45:04Z
-
CWE-266
Incorrect Privilege Assignment