CVE-2026-34795
Command Injection in Endian Firewall Logs CGI Allows Arbitrary Execution
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34795 is a high-severity OS command injection vulnerability affecting Endian Firewall versions 3.3.25 and earlier.
The flaw exists in the /cgi-bin/logs_log.cgi script, specifically in the handling of the DATE parameter.
Authenticated users can exploit this vulnerability to execute arbitrary operating system commands because the DATE parameter is used to construct a file path passed to a Perl open() call without proper sanitization.
An incomplete regular expression validation fails to neutralize special characters, enabling command injection.
How can this vulnerability impact me? :
This vulnerability allows authenticated users to execute arbitrary OS commands on the affected system.
Exploitation can lead to a compromise of system confidentiality, integrity, and availability.
Because the attack vector is network-based with low complexity and no user interaction required, an attacker with valid credentials can potentially take control of the system remotely.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious or unauthorized use of the /cgi-bin/logs_log.cgi script with the DATE parameter. Since the vulnerability requires authentication, checking authenticated requests that include unusual or specially crafted DATE parameter values may help identify exploitation attempts.
Specific commands to detect exploitation attempts are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable /cgi-bin/logs_log.cgi script to trusted authenticated users only and monitoring for suspicious activity involving the DATE parameter.
Upgrading Endian Firewall to a version later than 3.3.25, where this vulnerability is fixed, is strongly recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-34795 allows authenticated users to execute arbitrary OS commands on Endian Firewall versions 3.3.25 and prior, which can lead to unauthorized access, modification, or disruption of sensitive data and system availability.
Such a vulnerability can impact compliance with common standards and regulations like GDPR and HIPAA because it threatens the confidentiality, integrity, and availability of protected data. Exploitation could result in data breaches or system compromises that violate requirements for protecting personal or health information.
Therefore, organizations using affected versions of Endian Firewall may face increased risk of non-compliance due to potential unauthorized data access or service disruption stemming from this command injection vulnerability.