Platform: linux
Component: endian-firewall
Fixed in: 3.3.26
CVE-2026-34792 describes a Command Injection vulnerability discovered in Endian Firewall versions up to 3.3.25. An authenticated user can exploit this flaw to execute arbitrary operating system commands, potentially gaining control of the firewall. This vulnerability stems from insufficient input validation within the /cgi-bin/logs_clamav.cgi script, specifically concerning the DATE parameter. A patch is available to address this issue.
Successful exploitation of CVE-2026-34792 allows an attacker to execute arbitrary commands on the underlying Linux system hosting the Endian Firewall. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The attacker would need to be authenticated to access the vulnerable endpoint, but once authenticated, the impact is significant. Given the firewall's role in network security, a compromise could allow the attacker to pivot to other internal systems, expanding the blast radius considerably. This vulnerability shares similarities with other command injection flaws where improper sanitization of user-supplied input leads to OS command execution.
CVE-2026-34792 was publicly disclosed on April 2, 2026. The vulnerability is not currently listed on CISA KEV, and an EPSS score is pending evaluation. No public proof-of-concept exploits have been identified at the time of writing, but the nature of command injection vulnerabilities makes it likely that exploits will emerge. Monitor security advisories and threat intelligence feeds for updates.
EPSS: 0.49% (66% percentile)
The primary mitigation for CVE-2026-34792 is to upgrade Endian Firewall to a version patched against this vulnerability. Refer to the Endian Firewall security advisory for the specific patched version. If immediate upgrade is not possible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious characters in the DATE parameter. Additionally, restrict access to the /cgi-bin/logs_clamav.cgi endpoint to only authorized users and networks. Regularly review firewall logs for any unusual activity related to this endpoint.
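The log review recommended above can be scripted. The following is an added example, not code from Endian or from the original advisory: it flags access-log requests to /cgi-bin/logs_clamav.cgi whose DATE value fails a strict allowlist. The YYYY-MM-DD date format, the combined log format, DATE arriving in the query string, and the sample log lines are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/cgi-bin/logs_clamav.cgi"  # path named in the advisory
# ASSUMPTION: legitimate DATE values look like YYYY-MM-DD; adjust to what your UI sends.
DATE_OK = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Request part of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_date_requests(lines):
    """Return (line_no, client, decoded DATE) for requests to ENDPOINT
    whose DATE value does not match the allowlist pattern."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Decode the path so a percent-encoded spelling of the endpoint still matches.
        if not unquote(url.path).startswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values; keep_blank_values so an empty DATE is inspected too.
        for value in parse_qs(url.query, keep_blank_values=True).get("DATE", []):
            if not DATE_OK.fullmatch(value):
                hits.append((no, line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (not real traffic). PLACEHOLDER stands in for any
# appended text; /cgi-bin/example.cgi is a hypothetical unrelated endpoint.
SAMPLE = [
    '192.0.2.10 - admin [02/Apr/2026:10:00:01 +0000] "GET /cgi-bin/logs_clamav.cgi?DATE=2026-04-01 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [02/Apr/2026:10:03:17 +0000] "GET /cgi-bin/logs_clamav.cgi?DATE=2026-04-01%3BPLACEHOLDER HTTP/1.1" 200 312',
    '192.0.2.44 - admin [02/Apr/2026:10:03:40 +0000] "GET /cgi-bin/logs_clamav.cgi?DATE=%24%28PLACEHOLDER%29 HTTP/1.1" 200 298',
    '192.0.2.10 - admin [02/Apr/2026:10:05:02 +0000] "GET /cgi-bin/example.cgi?DATE=2026-04-01 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for no, client, value in suspicious_date_requests(SAMPLE):
        print(f"line {no}: {client} sent DATE={value!r}")
```

Access logs normally do not record POST bodies, so if the form submits DATE by POST the same allowlist check has to run at a reverse proxy or WAF that can see the body.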
Update Endian Firewall to a version later than 3.3.25. This corrects the command injection vulnerability in the DATE parameter of the /cgi-bin/logs_clamav.cgi script.
CVE-2026-34792 is a Command Injection vulnerability affecting Endian Firewall versions up to 3.3.25, allowing authenticated users to execute OS commands.
You are affected if you are running Endian Firewall version 3.3.25 or earlier. Check your version and upgrade immediately.
Upgrade to a patched version of Endian Firewall as specified in the official security advisory. Implement WAF rules as a temporary workaround.
No active exploitation has been confirmed, but the vulnerability's nature makes it likely that exploits will emerge. Monitor security advisories.
Refer to the Endian Firewall security advisory published on their official website or security mailing list.