Skip to main content

Firewall Community CVE-2026-34797

| EUVDEUVD-2026-18276 HIGH
OS Command Injection (CWE-78)
2026-04-02 disclosure@vulncheck.com GHSA-c2cq-vr56-2568
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Apr 02, 2026 - 15:22 euvd
EUVD-2026-18276
Analysis Generated
Apr 02, 2026 - 15:22 vuln.today
CVE Published
Apr 02, 2026 - 15:16 nvd
HIGH 8.7

DescriptionCVE.org

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

AnalysisAI

Remote command execution in Endian Firewall Community Edition 3.3.25 and earlier allows authenticated users to inject arbitrary OS commands through the DATE parameter in /cgi-bin/logs_smtp.cgi. The vulnerability stems from incomplete regular expression validation enabling Perl open() injection. With CVSS 8.7 severity and a low attack complexity (AC:L), this represents a critical post-authentication compromise vector. No public exploit identified at time of analysis, though the technical details disclosed by VulnCheck provide sufficient information for exploit development by threat actors with valid credentials.

Technical ContextAI

This vulnerability exploits a classic Perl open() injection pattern where user-supplied input is insufficiently validated before being passed to file operations. The DATE parameter value is incorporated into a file path string that becomes an argument to Perl's two-argument open() function. In Perl, open() with certain special characters (particularly pipe '|') can execute shell commands instead of opening files. The incomplete regular expression validation fails to properly sanitize shell metacharacters, allowing an authenticated attacker to break out of the intended file path context and inject arbitrary commands. This is a manifestation of CWE-78 (Improper Neutralization of Special Elements used in an OS Command), specifically through the dangerous practice of using user input in Perl open() calls without proper input validation. Endian Firewall is a Linux-based UTM appliance, meaning successful exploitation grants OS-level command execution on the firewall itself, compromising the network security boundary.

RemediationAI

No vendor-released patch identified at time of analysis. Organizations should immediately check the Endian Community support section at https://help.endian.com/hc/en-us/sections/360004371358-Community for updated security advisories and version releases addressing CVE-2026-34797. Until an official patch is available, implement the following risk mitigations: restrict access to the Endian Firewall administrative interface to trusted management networks only, disable external access to CGI endpoints if operationally feasible, implement network-based access controls limiting who can authenticate to the firewall management interface, enforce strong authentication policies including multi-factor authentication if supported, and monitor logs for suspicious POST requests to /cgi-bin/logs_smtp.cgi containing shell metacharacters in the DATE parameter. Consider upgrading to Endian EFW Enterprise if available patches address this issue in commercial versions. Given the authenticated nature of the vulnerability, priority should be placed on credential protection and management network segmentation as interim controls.

CVE-2021-27201 HIGH POC
8.8 Feb 15

Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS commands via shell m

CVE-2026-34796 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall versions ≤3.3.25 allows authenticated users with low privileges to execute arbi

CVE-2026-34795 HIGH
8.7 Apr 02

Remote code execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers with low-level privileges to

CVE-2026-34794 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated attackers to execute arbitrary OS co

CVE-2026-34793 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34792 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall 3.3.25 and earlier allows authenticated users with low privileges to inject

CVE-2026-34791 HIGH
8.7 Apr 02

Remote command execution in Endian Firewall Community ≤3.3.25 allows authenticated users to inject OS commands through t

CVE-2026-34790 HIGH
7.1 Apr 02

Directory traversal in Endian Firewall 3.3.25 and earlier allows authenticated users to delete arbitrary files through t

CVE-2026-34821 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34823 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject arbitrary

CVE-2026-34820 MEDIUM
5.1 Apr 02

Stored cross-site scripting in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious JavaS

CVE-2026-34818 MEDIUM
5.1 Apr 02

Stored cross-site scripting (XSS) in Endian Firewall 3.3.25 and prior allows authenticated attackers to inject malicious

Share

CVE-2026-34797 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy