CVE-2026-34793
Published: 02 April 2026
Summary
CVE-2026-34793 is a high-severity OS Command Injection (CWE-78) vulnerability in Endian Firewall Community. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 35.7% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mitigates command injection by requiring comprehensive validation of the DATE parameter before its use in constructing the file path for the Perl open() call.
Ensures timely identification, reporting, and patching of the incomplete regular expression validation flaw in logs_firewall.cgi.
Limits the impact of arbitrary OS command execution by enforcing least privilege on the authenticated CGI process.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Command injection vulnerability in a remotely accessible web CGI script on a firewall appliance enables exploitation of public-facing applications (T1190) for arbitrary OS command execution via Unix shell (T1059.004).
NVD Description
Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_firewall.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.
Deeper analysis
CVE-2026-34793 is a command injection vulnerability (CWE-78) in Endian Firewall version 3.3.25 and prior. The issue resides in the /cgi-bin/logs_firewall.cgi script, where the DATE parameter is used to build a file path passed directly to a Perl open() call. Incomplete regular expression validation on this parameter enables authenticated users to inject and execute arbitrary OS commands. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-04-02T15:16:43.323.
Attackers require only low-privileged authenticated access (PR:L) to exploit this remotely over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Exploitation allows execution of arbitrary OS commands on the firewall appliance, resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H), such as unauthorized data access, modification, or denial of service.
Advisories providing further details on mitigations and patches are available from Endian at https://help.endian.com/hc/en-us/sections/360004371358-Community and VulnCheck at https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-firewall-cgi-date-perl-command-injection.
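The defensive pattern for this class of bug, as an added example that is not Endian's code or patch: a whole-string anchored check on a DATE-style value, followed by a three-argument open(). The YYYY-MM-DD format, `$LOG_DIR`, the file naming and the function names are assumptions.

```perl
#!/usr/bin/perl
# Added example: hardened handling of a DATE-style parameter before open().
# The YYYY-MM-DD format, $LOG_DIR and the file naming are assumptions.
use strict;
use warnings;

my $LOG_DIR = '/var/log/firewall';   # hypothetical log directory

# Return a log path for $date, or nothing if the value is not a plain date.
sub log_path_for_date {
    my ($date) = @_;
    return unless defined $date;
    # \A ... \z anchor the whole string. ^...$ would still accept a trailing
    # newline, and an unanchored pattern accepts any string that merely
    # contains a date. These are two common ways a date check ends up
    # incomplete (the page does not say which applies to this CVE).
    return unless $date =~ /\A(\d{4})-(\d{2})-(\d{2})\z/a;
    my ($y, $m, $d) = ($1, $2, $3);
    return if $m < 1 || $m > 12 || $d < 1 || $d > 31;
    return "$LOG_DIR/firewall-$y$m$d.log";
}

# Open the log with three-argument open: the explicit '<' mode means the
# path is only ever treated as a file name, whatever characters it contains.
sub open_log {
    my ($date) = @_;
    my $path = log_path_for_date($date) or return;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample values: one well-formed date and several values that a
# loosely written pattern would let through.
my @samples = ("2026-04-02", "2026-04-02\n", "2026-04-02 extra",
               "../2026-04-02", "x2026-04-02y", "2026-13-40");
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    my $verdict = defined(scalar log_path_for_date($s)) ? "accepted" : "rejected";
    printf "%-18s %s\n", $shown, $verdict;
}
```

Only the first sample is accepted. The validation and the three-argument open() are independent layers, so either one alone still narrows what reaches the file system call.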
Details
- CWE(s)