CVE-2026-34818
Stored XSS in Endian Firewall DNSMasq Localdomains Module
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34818 affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-34818 is a stored cross-site scripting (XSS) vulnerability affecting Endian Firewall versions 3.3.25 and earlier.
The vulnerability occurs because the "remark" parameter in the /manage/dnsmasq/localdomains/ endpoint does not properly neutralize input, allowing an authenticated attacker to inject arbitrary JavaScript code.
This injected code is stored on the server and executed when other users view the affected page, potentially compromising their interaction with the system.
How can this vulnerability impact me? :
An attacker with authentication privileges can inject malicious JavaScript code that will execute in the browsers of other users who view the affected page.
This can lead to unauthorized actions performed on behalf of users, theft of sensitive information, session hijacking, or other malicious activities depending on the injected script.
The vulnerability has a medium severity with a CVSS v4 base score of 5.1, indicating a moderate impact on confidentiality and integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves stored cross-site scripting (XSS) via the remark parameter in the /manage/dnsmasq/localdomains/ endpoint of Endian Firewall versions 3.3.25 and earlier.
Detection can involve checking for suspicious or unexpected JavaScript code injected into the remark parameter on the affected endpoint.
Since the vulnerability requires authentication, monitoring authenticated requests to /manage/dnsmasq/localdomains/ for unusual or script-containing input in the remark parameter can help detect exploitation attempts.
Specific commands are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update Endian Firewall to a version later than 3.3.25, as the vulnerability is fixed in versions beyond this.
Until an update can be applied, restrict access to the /manage/dnsmasq/localdomains/ endpoint to trusted authenticated users only.
Implement input validation or sanitization on the remark parameter if possible, to prevent injection of arbitrary JavaScript.