Possible information disclosure on OpenSSL

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2026-011 CVE-2026-31790 04/07/2026 medium v1

Vulnerability details

Possible disclosure of sensitive information in “EVP_PKEY_encapsulate()”.

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted.

Revisions

Version Date Description
v1 06/09/2026 Initial release


Stormshield Network Security

CVSS v3.1 Overall Score: 6.5      

Analysis

Impacted version

Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer.

The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker.

A remote attacker could exploit this by sending an invalid RSA key to obtain sensitive information from the application’s memory.

  • SNS 5.0.0 to 5.0.5

Workaround solution

Solution

There is no workaround solution on SNS appliances.

The following update will fix this vulnerability:

  • SNS 5.0.6


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Unchanged High None None
CVSS Base score: 7.5 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 6.5 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Confidentiality Requirement (CR) Integrity Requirement (IR) Availability Requirement (AR)
Medium Medium Medium
CVSS Environmental score: 6.5 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:M/IR:M/AR:M/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)