CVE-2026-31983

Severity CVSS v4.0:
MEDIUM
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
09/07/2026
Last modified:
09/07/2026

Description

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.

References to Advisories, Solutions, and Tools