Cyber Posture

CVE-2026-34793

High · Public PoC

Published: 02 April 2026

Modified: 07 April 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.2th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly mitigates command injection by requiring comprehensive validation of the DATE parameter before its use in constructing the file path for the Perl open() call.

prevent

Ensures timely identification, reporting, and patching of the incomplete regular expression validation flaw in logs_firewall.cgi.

prevent

Limits the impact of arbitrary OS command execution by enforcing least privilege on the authenticated CGI process.
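
The first control above, sketched in Perl as an added example; this is not Endian's code, and the page does not show the original script. The YYYY-MM-DD format, the log directory, the file naming and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: strict validation of a date-like CGI parameter before it
# is used to build a path for open(). Assumptions (not from the page):
# YYYY-MM-DD format, $LOG_DIR, the log file naming, and both function names.
use strict;
use warnings;

my $LOG_DIR = '/var/log/firewall';    # hypothetical log directory

# Return the log path for a validated date, or undef if the value is rejected.
sub log_path_for_date {
    my ($date) = @_;
    return unless defined $date;

    # \A and \z anchor the whole string. Unlike ^ and $, \z does not accept
    # a trailing newline, so nothing may precede or follow the date itself.
    # /a restricts \d to ASCII digits.
    my ($y, $m, $d) = $date =~ /\A(\d{4})-(\d{2})-(\d{2})\z/a
        or return;
    return if $m < 1 || $m > 12 || $d < 1 || $d > 31;

    # Build the path from the captured digits only, never from the raw input.
    return "$LOG_DIR/firewall-$y$m$d.log";
}

# Open the log read-only. Three-argument open with an explicit '<' mode
# treats the path purely as a file name: no mode or pipe characters inside
# the string are interpreted by open().
sub open_log {
    my ($date) = @_;
    my $path = log_path_for_date($date) // return;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample inputs: one well-formed date and several malformed ones.
for my $input ('2026-04-02', "2026-04-02\n", '2026-04-02 ',
               'x2026-04-02', '2026-04-02.bak', '2026-13-40') {
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-18s %s\n", "'$shown'",
        defined log_path_for_date($input) ? 'accepted' : 'rejected';
}
```

Only the first sample is accepted; the validation and the three-argument open() are independent layers, so a gap in one does not by itself expose the other.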

Security Summary · AI

CVE-2026-34793 is a command injection vulnerability (CWE-78) in Endian Firewall version 3.3.25 and prior. The issue resides in the /cgi-bin/logs_firewall.cgi script, where the DATE parameter is used to build a file path passed directly to a Perl open() call. Incomplete regular expression validation on this parameter enables authenticated users to inject and execute arbitrary OS commands. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-02T15:16:43.323.

Attackers require only low-privileged authenticated access (PR:L) to exploit this remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Exploitation allows execution of arbitrary OS commands on the firewall appliance, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), such as unauthorized data access, modification, or denial of service.

Advisories providing further details on mitigations and patches are available from Endian at https://help.endian.com/hc/en-us/sections/360004371358-Community and VulnCheck at https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-firewall-cgi-date-perl-command-injection.

Details

CWE(s)

Affected Products

endian · firewall community · ≤ 3.3.25

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

A command injection vulnerability in a remotely accessible web CGI script on a firewall appliance enables exploitation of a public-facing application (T1190) for arbitrary OS command execution via a Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
