Skip to main content

Firewall Community CVE-2026-34791

| EUVDEUVD-2026-18264 HIGH
OS Command Injection (CWE-78)
2026-04-02 disclosure@vulncheck.com
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 15:22 euvd
EUVD-2026-18264
Analysis Generated
Apr 02, 2026 - 15:22 vuln.today
CVE Published
Apr 02, 2026 - 15:16 nvd
HIGH 8.7

DescriptionCVE.org

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_proxy.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

AnalysisAI

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through the DATE parameter in /cgi-bin/logs_proxy.cgi due to incomplete input validation in Perl open() calls. Attack requires only low-privilege authentication (CVSS PR:L) with network access and no user interaction. No public exploit identified at time of analysis, though the technical details disclosed by VulnCheck provide a clear exploitation path for threat actors.

Technical ContextAI

Endian Firewall is a network security appliance built on Linux that uses CGI scripts for administrative functions. The vulnerability exists in logs_proxy.cgi, where user-supplied DATE parameter values are incorporated into file paths passed directly to Perl's open() function. Perl's open() is notoriously dangerous when handling untrusted input because it interprets pipe characters (|) as shell command execution directives. The application attempted to validate input using a regular expression, but the pattern was incomplete and failed to block malicious payloads. This is a classic instance of CWE-78 (OS Command Injection via Special Elements) where metacharacter filtering is bypassed. The CGI execution context runs with elevated privileges typical of firewall management interfaces, allowing injected commands to execute with system-level access.

RemediationAI

Organizations running affected Endian Firewall Community versions should immediately upgrade to the latest patched release. Consult the official Endian support portal at help.endian.com/hc/en-us/sections/360004371358-Community for version-specific upgrade instructions and security bulletins. As an interim mitigation for environments unable to patch immediately, restrict network access to the firewall's administrative interface (/cgi-bin/ paths) to only trusted administrator IP addresses using firewall rules or access control lists. Monitor authentication logs for unusual access patterns to logs_proxy.cgi and review user account privileges to ensure principle of least privilege is enforced. Implement network segmentation to limit potential lateral movement if the firewall is compromised. Detailed vulnerability analysis is available from VulnCheck at vulncheck.com/advisories/endian-firewall-cgi-bin-logs-proxy-cgi-date-perl-command-injection for technical validation and detection engineering.

CVE-2021-27201 HIGH POC
8.8 Feb 15

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m

CVE-2026-34797 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject ar

CVE-2026-34796 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi

CVE-2026-34795 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to

CVE-2026-34794 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co

CVE-2026-34793 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34792 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34790 HIGH
7.1 Apr 02

Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t

CVE-2026-34821 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34823 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34820 MEDIUM
5.1 Apr 02

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS

CVE-2026-34818 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious

Share

CVE-2026-34791 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy