CVE-2026-34485
CLI ACL Bypass in GX G42

Public disclosure	30-03-2026
Last updated	30-03-2026
Vulnerability type	CLI ACL Bypass
CVSS vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS score	7.8 (High)

Description

A low-privileged authenticated attacker can bypass the SSH isolation mechanism and gain access to the underlying operating system shell via a custom SSH command. This issue occurs by default in the system and is not the result of misconfiguration.

Affected products and versions

Affected Products : Nokia GX G42, GX G31, GX G32, GX G34
Affected Releases : All releases prior to GX r9.0

Mitigation plan

GX r9.0 onwards

Acknowledgements

Damiano Diego de Felice (Agenzia per la Cybersicurezza Nazionale (ACN))
Alessandro Esposito (Agenzia per la Cybersicurezza Nazionale (ACN))

References

Select your country

CVE-2026-34485
CLI ACL Bypass in GX G42

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

Product Security Advisory

Looking for Nokia licensed products support?

Looking for Nokia licensed products support?

Select your country

CVE-2026-34485CLI ACL Bypass in GX G42

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

Product Security Advisory

CVE-2026-34485
CLI ACL Bypass in GX G42