Platform: linux
Component: endian-firewall
Fixed in: 3.3.26
CVE-2026-34793 describes a Command Injection vulnerability discovered in Endian Firewall versions up to 3.3.25. An authenticated attacker can leverage the DATE parameter within the /cgi-bin/logs_firewall.cgi endpoint to execute arbitrary operating system commands. This vulnerability stems from insufficient validation of the DATE parameter, allowing malicious input to be incorporated into file paths used by a Perl script, ultimately leading to command execution. The vulnerability was publicly disclosed on April 2, 2026, and a fix is available in a later version.
Successful exploitation of CVE-2026-34793 allows an authenticated attacker to gain complete control over the underlying Endian Firewall system. This includes the ability to execute arbitrary commands with the privileges of the user running the affected Perl script. An attacker could potentially install malware, steal sensitive data stored on the firewall (such as configuration files or logs), modify firewall rules to redirect traffic, or even pivot to other systems on the network. The blast radius extends to any systems accessible through the compromised firewall, making it a critical security risk. This vulnerability shares similarities with other command injection flaws where improper input sanitization allows attackers to inject and execute malicious code.
CVE-2026-34793 is currently not listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it likely that exploits will emerge. The vulnerability's ease of exploitation (requiring only authentication) suggests a medium probability of exploitation. The vulnerability was disclosed on April 2, 2026, according to the NVD.
Exploit Status
EPSS: 0.49% (66th percentile)
The primary mitigation for CVE-2026-34793 is to upgrade Endian Firewall to a version patched against this vulnerability. Consult Endian's official security advisory for the specific fixed version. If immediate upgrade is not possible due to compatibility issues or testing requirements, consider implementing temporary workarounds. While a WAF or proxy cannot directly prevent this command injection, strict input validation rules on the DATE parameter could offer limited protection. Regularly review firewall logs for suspicious activity, particularly requests targeting /cgi-bin/logs_firewall.cgi with unusual DATE parameter values. After upgrading, confirm the fix by attempting to inject a simple command (e.g., whoami) through the DATE parameter and verifying that it is properly sanitized and does not result in command execution.
Update Endian Firewall to a version later than 3.3.25. This will fix the command injection vulnerability in the DATE parameter of the /cgi-bin/logs_firewall.cgi script.
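The log review described above, as an added example that is not part of the original advisory or of Endian's code: it scans web-server access log lines for requests to /cgi-bin/logs_firewall.cgi whose DATE value is not a plain date. The YYYY-MM-DD format, the combined log layout, and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/cgi-bin/logs_firewall.cgi"  # endpoint named in the advisory
# Assumption: legitimate DATE values look like YYYY-MM-DD. Check what your
# appliance's UI actually sends before relying on this pattern.
VALID_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Assumption: combined/common log format (client, timestamp, request, status).
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def suspicious_date_requests(lines):
    """Return (ip, timestamp, decoded DATE value) for each request to the
    endpoint whose DATE parameter is anything other than a plain date."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes values; keep blanks so "DATE=" is checked.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("DATE", []):
            # fullmatch, not ^...$: "$" would accept a trailing newline.
            if not VALID_DATE.fullmatch(value):
                findings.append((m["ip"], m["ts"], value))
    return findings

# Constructed sample lines (not real traffic; /cgi-bin/example.cgi is hypothetical).
SAMPLE_LOG = [
    '192.0.2.10 - admin [02/Apr/2026:10:00:01 +0000] "GET /cgi-bin/logs_firewall.cgi?DATE=2026-04-01 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [02/Apr/2026:10:03:17 +0000] "GET /cgi-bin/logs_firewall.cgi?DATE=2026-04-01%20extra-text HTTP/1.1" 200 312',
    '192.0.2.44 - admin [02/Apr/2026:10:03:40 +0000] "GET /cgi-bin/logs_firewall.cgi?DATE=2026-04-01%0A HTTP/1.1" 200 312',
    '192.0.2.10 - admin [02/Apr/2026:10:05:00 +0000] "GET /cgi-bin/example.cgi?DATE=not-a-date HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for ip, ts, value in suspicious_date_requests(SAMPLE_LOG):
        print(f"{ts} {ip} DATE={value!r}")
```

Access logs record only the query string, so a DATE value sent in a POST body will not appear in this scan.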
CVE-2026-34793 is a Command Injection vulnerability affecting Endian Firewall versions up to 3.3.25. An authenticated attacker can execute OS commands via a parameter, potentially compromising the system.
You are affected if you are running Endian Firewall version 3.3.25 or earlier. Check your version and upgrade as soon as possible.
Upgrade to a patched version of Endian Firewall. Consult Endian's official security advisory for the specific fixed version.
While no widespread exploitation has been confirmed, the vulnerability's nature suggests a potential for exploitation. Monitor your systems closely.
Refer to Endian's official security advisory page for the latest information and updates regarding CVE-2026-34793.