OS Command Injection Vulnerability in Guardian Language System by Guardian
CVE-2026-34112

9.3CRITICAL

Key Information:

Vendor

Guardian

Vendor
CVE Published:
1 July 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2026-34112?

The Guardian Language System contains a significant vulnerability that allows an unauthenticated remote attacker to execute arbitrary operating system commands. This security flaw arises from the improper handling of user input through the id GET parameter in the speechmac.php file, leading to unvalidated input being passed into a PHP exec() call. Without proper sanitization, an attacker can manipulate this input by appending shell metacharacters, potentially compromising the server's integrity. The exploitation of this vulnerability poses serious risks, as it enables remote execution of commands without any form of authentication.

Affected Version(s)

language-system 0

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

philopentest
.