CVE-2026-34806
Stored XSS in Endian Firewall snat.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34806 impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34806 is a stored Cross-Site Scripting (XSS) vulnerability affecting Endian Firewall version 3.3.25 and earlier.
The vulnerability exists in the remark parameter of the /cgi-bin/snat.cgi script, where an authenticated attacker can inject arbitrary JavaScript code.
This injected code is stored on the server and executed when other users view the affected page, potentially compromising their security.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to inject malicious JavaScript code that is stored and executed in the browsers of other users viewing the affected page.
The impact includes potential theft of user credentials, session hijacking, or performing actions on behalf of other users without their consent.
Since the attack requires authentication, it may be limited to users with some level of access, but it still poses a medium severity risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the remark parameter of the /cgi-bin/snat.cgi script on Endian Firewall version 3.3.25 or earlier.
Since the vulnerability requires authentication, detection involves verifying if any arbitrary JavaScript code has been injected and stored via the remark parameter.
A practical approach is to perform authenticated requests to the /cgi-bin/snat.cgi endpoint and inspect the remark parameter for suspicious JavaScript code.
- Use curl or similar tools to authenticate and fetch the page, then grep or search for script tags or suspicious JavaScript in the remark parameter.
- Example command to fetch the page (replace USER, PASS, and URL accordingly):
- curl -u USER:PASS https://<firewall-ip>/cgi-bin/snat.cgi | grep -i '<script>'
- Alternatively, use a web vulnerability scanner that supports authenticated scans and can detect stored XSS vulnerabilities.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should restrict access to the affected Endian Firewall interface to trusted users only, as the vulnerability requires authentication.
Avoid using the vulnerable version 3.3.25 or earlier and upgrade to a version where this issue is fixed once available.
In the meantime, monitor and sanitize inputs to the remark parameter if possible, and educate users to avoid clicking on suspicious links that might trigger stored XSS.
Implement web application firewall (WAF) rules to detect and block malicious JavaScript payloads targeting the remark parameter.