Zero Day MonitorZDM

← Back to list

6.4

CVE-2026-34818EXPLOITED

endian · endian firewall

Endian Firewall /manage/dnsmasq/localdomains/ remark Stored Cross-Site Scripting

Description

A vulnerability described as problematic has been identified in Endian Firewall 3.3.25. Affected by this vulnerability is an unknown functionality of the file /manage/dnsmasq/localdomains/ of the component Parameter Handler. Such manipulation of the argument remark leads to cross site scripting. This vulnerability is documented as CVE-2026-34818. The attack can be executed remotely.

Affected Products

Vendor	Product	Versions
endian	endian firewall	3.3.25

References

https://help.endian.com/hc/en-us/sections/360004371358-Community(release-notes)
https://www.vulncheck.com/advisories/endian-firewall-manage-dnsmasq-localdomains-remark-stored-cross-site-scripting(third-party-advisory)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-34818 | Endian Firewall 3.3.25 Parameter localdomains remark cross site scripting

→ No new info (linked only)

CVSS 3.16.4 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-79

PublishedApr 2, 2026

Last enriched3h agov2

Trending Score42

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34797EXP

Endian Firewall /cgi-bin/logs_smtp.cgi DATE Perl Command Injection

HIGHCVE-2026-34791EXP

Endian Firewall /cgi-bin/logs_proxy.cgi DATE Perl Command Injection

HIGHCVE-2026-34814EXP

Endian Firewall /cgi-bin/proxygroup.cgi group Stored Cross-Site Scripting

HIGHCVE-2026-34794EXP

Endian Firewall /cgi-bin/logs_ids.cgi DATE Perl Command Injection

HIGHCVE-2026-34796EXP

Endian Firewall /cgi-bin/logs_openvpn.cgi DATE Perl Command Injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026

Actively Exploited

Apr 2, 2026

Updated: description, activelyExploited

Apr 2, 2026

Version History

v2

Last enriched 3h ago

v2Tier C3h ago

Updated description with more technical detail, marked exploit availability as false, and noted that the vulnerability is actively exploited.

descriptionactivelyExploited

via VulDB

v13h ago

Initial creation