CVE-2026-34803 is a stored cross-site scripting (XSS) vulnerability affecting Endian Firewall version 3.3.25 and prior. The flaw exists due to improper neutralization of user-supplied input in the 'name' parameter on the /manage/qos/classes/ endpoint. Specifically, the application fails to sanitize or encode input correctly before embedding it into the web page, allowing an authenticated attacker to inject arbitrary JavaScript code. This malicious script is stored persistently and executed in the browsers of other users who visit the affected page, potentially leading to session hijacking, theft of sensitive information, or execution of unauthorized actions with the victim’s privileges. The vulnerability requires the attacker to be authenticated but does not require elevated privileges, making it accessible to any logged-in user. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, but user interaction is needed (victim must view the malicious page). The scope is limited to the Endian Firewall management interface, and the impact affects confidentiality and integrity primarily. No known public exploits have been reported yet, but the vulnerability is publicly disclosed and should be addressed promptly. The lack of an official patch link suggests that users must monitor vendor updates or apply workarounds.

The impact of this vulnerability is significant for organizations using Endian Firewall 3.3.25 or earlier, especially those with multiple administrators or users accessing the management interface. Successful exploitation can lead to session hijacking, allowing attackers to impersonate legitimate users and potentially gain further access or control. It can also facilitate theft of sensitive configuration data or credentials, and enable unauthorized actions such as modifying firewall rules or network policies. This undermines the confidentiality and integrity of the firewall management environment, potentially leading to broader network compromise. Since the vulnerability requires authentication, the risk is somewhat mitigated, but insider threats or compromised credentials increase exposure. The stored nature of the XSS means multiple users can be affected once the malicious script is injected. Given the critical role of firewalls in network security, exploitation could have cascading effects on organizational security posture.

To mitigate this vulnerability, organizations should first check for and apply any official patches or updates from Endian addressing CVE-2026-34803. If no patch is available, administrators should restrict access to the firewall management interface to trusted users only and consider network segmentation or VPN access to limit exposure. Implement strict input validation and output encoding on the 'name' parameter in the /manage/qos/classes/ page if custom modifications or WAF rules are possible. Monitoring and logging user activities on the management interface can help detect suspicious behavior. Educate users about the risks of XSS and encourage them to report unexpected behavior. Additionally, consider deploying Content Security Policy (CSP) headers to reduce the impact of injected scripts. Regularly review and rotate credentials to minimize risks from compromised accounts. Finally, limit the number of users with access to the management interface to reduce the attack surface.