CVE-2026-33390

Severity CVSS v4.0:
HIGH
Type:
Unavailable / Other
Publication date:
09/07/2026
Last modified:
10/07/2026

Description

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affecting its availability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* 26.2.0 (excluding)
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* 26.2.0 (excluding)


References to Advisories, Solutions, and Tools