Zero Day MonitorZDM

← Back to list

8.8

CVE-2026-34796EXPLOITED

endian · endian firewall

Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection

Description

A vulnerability identified as critical has been detected in Endian Firewall 3.3.25. This affects the function Open of the file /cgi-bin/logs_openvpn.cgi of the component Regular Expression Handler. This manipulation of the argument Date causes os command injection.

Affected Products

Vendor	Product	Versions
endian	endian firewall	3.3.25

References

https://help.endian.com/hc/en-us/sections/360004371358-Community(release-notes)
https://www.vulncheck.com/advisories/endian-firewall-cgi-bin-logs-openvpn-cgi-date-perl-command-injection(third-party-advisory)

Related News (1 articles)

Tier C

VulDB7h ago

CVE-2026-34796 | Endian Firewall 3.3.25 Regular Expression logs_openvpn.cgi open Date os command injection

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-78

PublishedApr 2, 2026

Last enriched6h agov2

Trending Score45

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34814EXP

Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

HIGHCVE-2026-34790EXP

Endian Firewall /cgi-bin/backup.cgi remove ARCHIVE Directory Traversal

NONECVE-2026-34797EXP

Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

NONECVE-2026-34791EXP

Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

NONECVE-2026-34793EXP

Endian Firewall /cgi-bin/logs_firewall.cgi DATE Perl Command Injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Actively Exploited

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Updated: description, severity, activelyExploited

Apr 2, 2026

Version History

v2

Last enriched 6h ago

v2Tier C7h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v17h ago

Initial creation