CVE-2026-34809
Received Received - Intake
Stored XSS in Endian Firewall zonefw.cgi Allows Script Injection

Publication date: 2026-04-02

Last updated on: 2026-04-07

Assigner: VulnCheck

Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-14
NVD
CVE-2026-34809
EUVD
EUVD-2026-18300
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
endian firewall_community to 3.3.25 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2026-34809 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-34809 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier.

The vulnerability occurs because the 'remark' parameter in the /cgi-bin/zonefw.cgi endpoint does not properly neutralize input, allowing an authenticated attacker to inject arbitrary JavaScript code.

This injected code is stored and then executed when other users view the affected page, potentially compromising their security.

Impact Analysis

An attacker who is authenticated can inject malicious JavaScript code that will execute in the browsers of other users viewing the affected page.

This can lead to unauthorized actions performed on behalf of users, theft of sensitive information such as session tokens, or other malicious activities that compromise user security.

The vulnerability has a medium severity with a CVSS v4 base score of 5.1, indicating a moderate impact.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious or unexpected JavaScript code injections in the "remark" parameter of requests to the /cgi-bin/zonefw.cgi endpoint. Since the vulnerability requires authentication, detection should focus on authenticated user activity targeting this endpoint.

Network or system administrators can use web server logs or intrusion detection systems to look for HTTP POST or GET requests containing script tags or JavaScript code in the "remark" parameter.

Example commands to detect potential exploitation attempts might include searching web server logs for suspicious input patterns:

  • grep -i 'remark=.*<script' /var/log/httpd/access_log
  • grep -i 'remark=.*javascript:' /var/log/httpd/access_log

Additionally, monitoring for unusual authenticated user activity on the /cgi-bin/zonefw.cgi endpoint can help identify attempts to exploit this stored XSS vulnerability.

Mitigation Strategies

Immediate mitigation steps include restricting access to the /cgi-bin/zonefw.cgi endpoint to trusted users only, as the vulnerability requires authentication.

Users should prioritize remediation by applying any available patches or updates from Endian Firewall that address this stored cross-site scripting vulnerability.

In the absence of a patch, administrators can implement input validation or sanitization on the "remark" parameter to prevent injection of arbitrary JavaScript code.

Monitoring real-time alerts and logs for suspicious activity related to this endpoint can also help in early detection and response.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34809. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart