Platform
perl
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34794 describes a Command Injection vulnerability discovered in Endian Firewall versions 3.3.25 and earlier. This flaw allows authenticated users to execute arbitrary operating system commands, potentially granting them unauthorized access and control over the firewall. The vulnerability stems from insufficient validation of the DATE parameter within the /cgi-bin/logs_ids.cgi script. A patch is expected to address this issue.
Successful exploitation of CVE-2026-34794 could allow an attacker to gain complete control over the affected Endian Firewall. This could involve modifying firewall rules, stealing sensitive data stored on the device, or using the firewall as a launchpad for attacks against internal network resources. The impact is particularly severe given that firewalls often sit at the network perimeter, protecting critical infrastructure. A compromised firewall could lead to a complete data breach and disruption of services. The Perl script's reliance on an incomplete regular expression for validating the DATE parameter makes it susceptible to injection attacks, similar to vulnerabilities seen in other web applications using dynamic file path construction.
CVE-2026-34794 was publicly disclosed on 2026-04-02. Its inclusion in the NVD is pending. There are currently no publicly available proof-of-concept exploits, but the vulnerability's nature and ease of exploitation suggest a medium probability of exploitation (EPSS score likely medium). Active campaigns targeting Endian Firewall are not currently known, but the vulnerability's severity warrants close monitoring.
Exploit Status
EPSS
0.49% (66% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-34794 is to upgrade Endian Firewall to a version that includes the security patch. If an immediate upgrade is not possible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. These may include restricting access to the /cgi-bin/logs_ids.cgi endpoint to trusted users only, or implementing a Web Application Firewall (WAF) rule to filter out potentially malicious DATE parameter values. Monitor firewall logs for unusual activity, particularly attempts to access the vulnerable endpoint with unusual or unexpected DATE parameter values. After upgrading, verify the fix by attempting to inject a command through the DATE parameter and confirming that it is properly sanitized.
Update Endian Firewall to a version later than 3.3.25 to fix the command injection vulnerability. Consult the vendor's website for instructions on how to update your system.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34794 is a Command Injection vulnerability affecting Endian Firewall versions up to 3.3.25. It allows authenticated users to execute arbitrary OS commands, potentially compromising the firewall.
You are affected if you are running Endian Firewall version 3.3.25 or earlier. Check your version and upgrade as soon as possible.
Upgrade Endian Firewall to a patched version. If immediate upgrade is not possible, implement temporary workarounds like restricting access or using a WAF.
While no active campaigns are currently known, the vulnerability's ease of exploitation suggests a potential risk. Continuous monitoring is recommended.
Refer to the Endian Firewall security advisories page for the latest information and official patch releases: [https://www.endian.com/security/](https://www.endian.com/security/)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.