Security Advisory

CVE-2026-34797

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-02 14:45:52

Last updated 2026-04-03 03:55:42

Assigner VulnCheck

State PUBLISHED

Description

Endian Firewall version 3.3.25 and prior allow authenticated users to execute arbitrary OS commands via the DATE parameter to /cgi-bin/logs_smtp.cgi. The DATE parameter value is used to construct a file path that is passed to a Perl open() call, which allows command injection due to an incomplete regular expression validation.

← Browse all CVEs View on cve.org ↗