Platform
linux
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34790 describes a Directory Traversal vulnerability discovered in Endian Firewall. This flaw allows authenticated users to delete arbitrary files on the system by manipulating the 'remove ARCHIVE' parameter in the /cgi-bin/backup.cgi script. The vulnerability impacts Endian Firewall versions 3.3.25 and earlier, and a patch is available to address the issue.
An attacker exploiting this vulnerability could gain complete control over the Endian Firewall's file system. By crafting malicious requests, they can delete critical configuration files, system binaries, or even the operating system itself, leading to a denial of service. The ability to delete arbitrary files also presents a significant risk of data exfiltration if sensitive information is stored on the firewall. Successful exploitation could compromise the entire network protected by the firewall, as it serves as a critical security gateway. This vulnerability shares similarities with other directory traversal exploits where improper sanitization of user-supplied input leads to unauthorized file access.
CVE-2026-34790 was publicly disclosed on 2026-04-02. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.16% (36% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-34790 is to upgrade Endian Firewall to a version patched against this vulnerability. Refer to the Endian Firewall vendor advisory for the specific patched version. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting access to the /cgi-bin/backup.cgi script to trusted users only. Web Application Firewall (WAF) rules can be configured to filter requests containing directory traversal sequences in the 'remove ARCHIVE' parameter. Regularly monitor system logs for suspicious activity related to file deletion.
Actualice Endian Firewall a una versión posterior a la 3.3.25. Esto solucionará la vulnerabilidad de recorrido de directorios en el parámetro ARCHIVE al eliminar archivos.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34790 is a vulnerability in Endian Firewall versions ≤3.3.25 that allows authenticated users to delete arbitrary files via directory traversal in the /cgi-bin/backup.cgi script.
If you are using Endian Firewall version 3.3.25 or earlier, you are potentially affected by this vulnerability. Check your version and upgrade if necessary.
Upgrade Endian Firewall to a patched version as recommended by the vendor. Implement temporary workarounds like restricting access to the vulnerable script if immediate upgrading isn't possible.
As of now, there are no confirmed reports of active exploitation of CVE-2026-34790, but it's crucial to apply the patch proactively.
Refer to the official Endian Firewall security advisories on their website for detailed information and patch release notes.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.