CVE-2026-8474
published 2026-06-01CVE-2026-8474: A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.8.0 to 4.8.15, * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS…
PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.18%
8.0th percentile
A vulnerability was discovered on Stormshield Network Security * 4.3.0 to 4.3.41, * 4.8.0 to 4.8.15, * 5.0.0 to 5.0.5 It is possible to execute a reflected XSS attack on the login API available on Stormshield SNS appliance by executing a script on the victim's machine. The risks include the theft of cookies or other sensitive data, as well as the modification of page behavior, for example, by redirecting the victim to malicious websites.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stormshield | stormshield_network_security | 4.3.0 – 4.3.41 | — |
| stormshield | stormshield_network_security | 4.8.0 – 4.8.15 | — |
| stormshield | stormshield_network_security | 5.0.0 – 5.0.5 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-01
Published