CVE-2026-33390

Nozomi Networks · Guardian and CMC

An incorrect privilege assignment vulnerability in the synchronization functionality allows Arc sensors to receive CLI permissions.

Executive summary

A high-severity privilege assignment vulnerability in Nozomi Networks Guardian and CMC products could allow unauthorized CLI access, posing a significant risk to system integrity.

Vulnerability

This vulnerability involves an incorrect privilege assignment within the system's synchronization mechanism. An authenticated user (via Arc sensor integration) may gain unauthorized Command Line Interface (CLI) permissions, which they should not possess.

Business impact

The ability for non-privileged sensors to obtain CLI access represents a major security breach, potentially allowing an attacker to modify system configurations or disrupt industrial monitoring operations. With a CVSS score of 8.1, this flaw is categorized as high-severity, as it compromises the administrative control plane of critical infrastructure security appliances.

Remediation

Immediate Action: Upgrade both Nozomi Networks Guardian and CMC deployments to version 26.2.0 or later immediately to resolve the privilege assignment flaw.

Proactive Monitoring: Review system access logs for any unauthorized CLI activity or unusual synchronization events originating from Arc sensors.

Compensating Controls: Restrict network access to the management interface of affected devices to only trusted administrative workstations until the update can be applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the potential for unauthorized administrative access, organizations should prioritize the deployment of version 26.2.0. Failure to patch these appliances could allow lateral movement or unauthorized control over the security monitoring environment.