CVE-2026-34819
Stored XSS in Endian Firewall openvpnclient.cgi Allows Script Injection
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34819 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier. It occurs in the /cgi-bin/openvpnclient.cgi script via the REMARK parameter.
An authenticated attacker can inject arbitrary JavaScript code through this parameter. This malicious code is stored on the server and executed when other users view the affected page.
This vulnerability is classified under CWE-79, which involves improper neutralization of input during web page generation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an authenticated attacker to inject and store arbitrary JavaScript code that executes when other users view the affected page, impacting the confidentiality and integrity of the system to a limited extent.
Such impacts on confidentiality and integrity could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure system integrity.
However, the provided information does not explicitly detail the direct effects on compliance with these standards.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an authenticated attacker to inject and execute arbitrary JavaScript code on the affected system.
The execution of this malicious code can affect the confidentiality and integrity of the system to a limited extent.
Because the attack requires low complexity, privileges, and user interaction, it poses a moderate risk to users who access the vulnerable page.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable Endian Firewall version 3.3.25 or earlier and by inspecting the /cgi-bin/openvpnclient.cgi endpoint for the REMARK parameter that may contain injected JavaScript code.
Since the vulnerability involves stored cross-site scripting via the REMARK parameter, detection can involve reviewing HTTP requests and responses to /cgi-bin/openvpnclient.cgi for suspicious or unexpected JavaScript code.
Suggested commands to help detect the vulnerability include using curl or wget to send authenticated requests to the vulnerable endpoint and inspecting the response for injected scripts.
- curl -u <username>:<password> 'http://<firewall-ip>/cgi-bin/openvpnclient.cgi' -d 'REMARK=<test_script>'
- grep -i '<script>' /var/log/httpd/access_log
- Review the web interface manually for any unexpected JavaScript execution on the OpenVPN client page.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable /cgi-bin/openvpnclient.cgi endpoint to trusted users only, as the vulnerability requires authentication.
Additionally, monitor and sanitize any input to the REMARK parameter to prevent injection of malicious JavaScript.
Applying any available patches or upgrading to a version of Endian Firewall later than 3.3.25 is strongly recommended to fully remediate the vulnerability.
As a temporary workaround, consider disabling the OpenVPN client web interface if it is not in use.