CVE-2026-31983
Severity CVSS v4.0:
MEDIUM
Type:
CWE-306
Missing Authentication for Critical Function
Publication date:
09/07/2026
Last modified:
09/07/2026
Description
A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH keys.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM
Base Score 3.x
5.30
Severity 3.x
MEDIUM



