NextGuard
UNKNOWNCVE-2026-34791

Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

Platform

linux

Component

endian-firewall

View on NVD

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

How to fix

Actualice Endian Firewall a una versión posterior a la 3.3.25 para corregir la vulnerabilidad de inyección de comandos. Consulte la documentación de Endian para obtener instrucciones sobre cómo realizar la actualización.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-34791 — Vulnerability Details | NextGuard | NextGuard