CVE-2026-34822
Stored XSS in Endian Firewall Certificate Management Module
Publication date: 2026-04-02
Last updated on: 2026-04-07
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endian | firewall_community | to 3.3.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-34822 is a stored cross-site scripting (XSS) vulnerability in Endian Firewall versions 3.3.25 and earlier. It occurs because the application does not properly neutralize input in the new_cert_name parameter of the /manage/ca/certificate/ endpoint.
An authenticated attacker can inject arbitrary JavaScript code via this parameter, which is then stored on the server and executed when other users view the affected page.
How can this vulnerability impact me? :
This vulnerability allows an authenticated attacker to execute arbitrary JavaScript in the context of other users who visit the affected page. This can lead to session hijacking, unauthorized actions performed on behalf of users, or theft of sensitive information accessible through the browser.
The CVSS v4 base score of 5.1 indicates a medium severity with low impact on confidentiality, integrity, and availability, but it still poses a risk to user security and trust.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the stored cross-site scripting (XSS) payload in the new_cert_name parameter within the /manage/ca/certificate/ endpoint on Endian Firewall versions 3.3.25 and earlier.
Since the vulnerability requires authentication, detection involves authenticated access to the affected endpoint and inspecting the new_cert_name parameter for injected JavaScript code.
Specific commands are not provided in the available resources, but a general approach would be to use web application testing tools or scripts to authenticate and then send crafted requests to /manage/ca/certificate/ with various payloads in the new_cert_name parameter to observe if the input is stored and executed.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /manage/ca/certificate/ endpoint to trusted and authenticated users only, as the vulnerability requires authentication.
Additionally, monitoring and sanitizing inputs to the new_cert_name parameter can help prevent injection of malicious scripts.
Applying any available patches or updates from Endian Firewall that address this vulnerability is recommended once they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how CVE-2026-34822 affects compliance with common standards and regulations such as GDPR or HIPAA.