CVE-2026-34796 is an OS command injection vulnerability identified in Endian Firewall, specifically affecting version 3.3.25 and earlier. The flaw exists in the handling of the DATE parameter within the /cgi-bin/logs_openvpn.cgi script. This parameter is used to construct a file path that is subsequently passed to a Perl open() function call. Due to incomplete and insufficient regular expression validation of the DATE parameter, an authenticated user can inject special characters or command sequences that alter the intended file path operation, resulting in arbitrary OS command execution. The vulnerability requires authentication but does not require user interaction beyond that. The CVSS 4.0 base score is 8.7, reflecting the high impact on confidentiality, integrity, and availability, as the attacker can execute arbitrary commands with the privileges of the web server process, potentially leading to full system compromise. No patches or exploit code are currently publicly available, and no known active exploitation has been reported. The vulnerability is categorized under CWE-78 (Improper Neutralization of Special Elements used in an OS Command).

If exploited, this vulnerability allows an authenticated attacker to execute arbitrary operating system commands on the Endian Firewall device. This can lead to complete compromise of the firewall, including unauthorized access to network traffic, manipulation or disruption of firewall rules, data exfiltration, and pivoting to other internal systems. The integrity and availability of the firewall and protected networks can be severely impacted. Given the critical role of firewalls in network security, exploitation could result in significant organizational risk, including data breaches, service outages, and loss of trust. The requirement for authentication limits exposure somewhat, but insider threats or compromised credentials increase risk. The lack of user interaction and low attack complexity make this vulnerability attractive for attackers once exploit code becomes available.

Organizations should immediately upgrade Endian Firewall to a version later than 3.3.25 once a patch is released. In the absence of an official patch, administrators should restrict access to the /cgi-bin/logs_openvpn.cgi endpoint to trusted users only and enforce strong authentication and credential management to reduce the risk of unauthorized access. Network segmentation and firewall rules should limit access to the management interface. Monitoring and logging should be enhanced to detect suspicious command execution or anomalous activity on the firewall device. If possible, disable or restrict the vulnerable CGI script until a fix is available. Additionally, conduct regular audits of firewall configurations and credentials to prevent misuse. Employ application-layer firewalls or intrusion prevention systems to detect and block command injection attempts targeting this endpoint.