highCVE-2026-31984

Nozomi Guardian and CMC Audit Log Resource Exhaustion Vulnerability

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into audit entries, possibly exhausting the available disk space and rendering the system inoperable.

ProductGuardian and CMC
CVSS8.7
EPSS0.00274
UpdatedJuly 10, 2026

Quick answer

Nozomi Networks Guardian and CMC should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Nozomi Networks Guardian before 26.2.0
  • Nozomi Networks CMC before 26.2.0

Fixed versions

  • 26.2.0

How to fix it

Nozomi Guardian and CMC before 26.2.0 is affected by CVE-2026-31984. large unauthenticated input can be written into audit entries without a size limit and exhaust disk space. Upgrade to 26.2.0, limit exposure to the affected audit logging paths, and monitor disk usage until patched.

  1. Inventory affected Nozomi Guardian and CMC deployments and record appliance, sensor, and collector versions.
  2. Upgrade affected systems from before 26.2.0 to 26.2.0 or later.
  3. Apply the vendor mitigation if an immediate upgrade cannot be completed.
  4. Restrict management, synchronization, SAML, and collector interfaces to trusted networks only.
  5. Review users, roles, sync tokens, certificates, and recent configuration changes for suspicious activity.
  6. Back up known-good configuration before remediation and after the patched state is confirmed.
  7. Monitor appliance health, audit logs, and authentication events for repeated exploit attempts.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Confirm Nozomi Guardian and CMC is running 26.2.0 or later where applicable.
  • Retest the affected workflow in staging or a maintenance window and confirm the vulnerable behavior is blocked.
  • Review audit logs after remediation for failed attempts against the affected endpoint or feature.
  • Confirm legitimate synchronization, SAML, SSH key, or visualization workflows still work as expected.
  • Run a Fixnx scan and confirm public management interfaces are not exposed.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-31984?

Nozomi Networks Guardian and CMC versions listed as affected should be reviewed: Nozomi Networks Guardian before 26.2.0, Nozomi Networks CMC before 26.2.0.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.