CVE-2026-34485
A CLI ACL Bypass vulnerability in Nokia 1830 Global Express (GX)

Public disclosure	2026-03-30
Last updated	2026-03-30
Vulnerability type	CLI ACL Bypass
CVSS vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS score	7.8

Description

Nokia 1830 Global Express (GX) is vulnerable to a CLI ACL Bypass vulnerability where a low-privileged authenticated attacker can bypass the SSH isolation mechanism and gain access to the underlying operating system shell via a custom SSH command. This issue occurs by default in the system and is not the result of misconfiguration.

Affected products and versions

Nokia 1830 Global Express (GX) G42, GX G31, GX G32, GX G34 releases prior to GX r9.0.

Mitigation plan

Fixes have been provided in Nokia 1830 Global Express (GX) r9.0 and later releases.

Acknowledgements

Damiano Diego de Felice (Agenzia per la Cybersicurezza Nazionale (ACN))
Alessandro Esposito (Agenzia per la Cybersicurezza Nazionale (ACN))

References

Select your country

CVE-2026-34485
A CLI ACL Bypass vulnerability in Nokia 1830 Global Express (GX)

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

1830 Global Express (GX)

Looking for Nokia licensed products support?

Looking for Nokia licensed products support?

Select your country

CVE-2026-34485A CLI ACL Bypass vulnerability in Nokia 1830 Global Express (GX)

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

1830 Global Express (GX)

CVE-2026-34485
A CLI ACL Bypass vulnerability in Nokia 1830 Global Express (GX)