Platform
linux
Component
endian-firewall
Fixed in
3.3.26
CVE-2026-34796 describes a Command Injection vulnerability discovered in Endian Firewall. This flaw allows authenticated users to execute arbitrary operating system commands, potentially granting them complete control over the firewall. The vulnerability affects versions of Endian Firewall up to 3.3.25, and a patch is available to address the issue.
An attacker exploiting this vulnerability could gain unauthorized access to the underlying operating system of the Endian Firewall. This could lead to data breaches, system modification, and complete compromise of the network protected by the firewall. The ability to execute arbitrary commands means the attacker could install malware, steal sensitive data, or pivot to other systems on the network. The impact is particularly severe given the firewall's role as a critical security perimeter.
CVE-2026-34796 was publicly disclosed on 2026-04-02. The vulnerability's impact and ease of exploitation suggest a medium probability of exploitation. No public proof-of-concept (POC) code has been released at the time of writing, but the command injection nature of the vulnerability makes it likely that a POC will emerge. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
0.49% (66% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade Endian Firewall to a version that includes the security patch. Until the upgrade is possible, consider implementing temporary workarounds such as restricting access to /cgi-bin/logs_openvpn.cgi to trusted users only. Implement strict input validation on the DATE parameter using a Web Application Firewall (WAF) or proxy server. Monitor firewall logs for unusual command execution attempts. After upgrade, confirm the vulnerability is resolved by attempting to inject a benign command through the DATE parameter and verifying that it is properly sanitized.
Update Endian Firewall to a version later than 3.3.25. This corrects the command injection vulnerability in the DATE parameter of the /cgi-bin/logs_openvpn.cgi script.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34796 is a Command Injection vulnerability affecting Endian Firewall versions up to 3.3.25. It allows authenticated users to execute arbitrary OS commands, potentially compromising the firewall and the network it protects.
If you are running Endian Firewall version 3.3.25 or earlier, you are potentially affected by this vulnerability. Check your firewall version and upgrade as soon as possible.
The recommended fix is to upgrade Endian Firewall to a patched version. Consult the Endian Firewall security advisory for the latest available version with the fix.
While no active exploitation has been confirmed, the vulnerability's nature makes it likely that exploitation attempts may occur. Proactive mitigation is recommended.
Refer to the official Endian Firewall security advisory on their website for detailed information and patching instructions. (Link to advisory would be here if available)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.