CVE-2026-34822
Received Received - Intake
Stored XSS in Endian Firewall Certificate Management Module

Publication date: 2026-04-02

Last updated on: 2026-04-07

Assigner: VulnCheck

Description
Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the new_cert_name parameter to /manage/ca/certificate/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34822
EUVD
EUVD-2026-18326
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
endian firewall_community to 3.3.25 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-34822 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier. It occurs because the application does not properly neutralize input in the new_cert_name parameter of the /manage/ca/certificate/ endpoint.

An authenticated attacker can inject arbitrary JavaScript code via this parameter, which is then stored on the server and executed when other users view the affected page.

Impact Analysis

This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in the context of other users who visit the affected page. This can lead to session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information accessible through the browser.

The CVSS v4 base score of 5.1 indicates a medium severity with low impact on confidentiality, integrity, and availability, but it still poses a risk to user security and trust.

Detection Guidance

This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the new_cert_name parameter within the /manage/ca/certificate/ endpoint on Endian Firewall versions 3.3.25 and earlier.

Since the vulnerability requires authentication, detection involves authenticated access to the affected endpoint and inspecting the new_cert_name parameter for injected JavaScript code.

Specific commands are not provided in the available resources, but a general approach would be to use web application testing tools or scripts to authenticate and then send crafted requests to /manage/ca/certificate/ with various payloads in the new_cert_name parameter to observe if the input is stored and executed.

Mitigation Strategies

Immediate mitigation steps include restricting access to the /manage/ca/certificate/ endpoint to trusted and authenticated users only, as the vulnerability requires authentication.

Additionally, monitoring and sanitizing inputs to the new_cert_name parameter can help prevent injection of malicious scripts.

Applying any available patches or updates from Endian Firewall that address this vulnerability is recommended once they become available.

Compliance Impact

The provided information does not specify how CVE-2026-34822 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34822. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart