OS Command Injection Vulnerability in Guardian Language System by Guardian
CVE-2026-34117
Key Information:
- Vendor: Guardian
- Status
- CVE Published: 1 July 2026
What is CVE-2026-34117?
The Guardian Language System contains a vulnerability in which the id GET parameter is passed directly to a PHP exec() call in the text_to_subtitles.php script without proper sanitization. This flaw allows an unauthenticated remote attacker to inject shell metacharacters and execute arbitrary operating system commands on the server. Because no authentication is required, attackers can exploit the vulnerability without logging in, which poses a significant risk to the integrity and security of affected systems.
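A hardened shape for a handler of this kind, as an added example that is not the vendor's code or patch: the id is checked against an allow-list and the external program is started without a shell. The converter path, its --id option and the digits-only id format are assumptions, since the page does not show the command that exec() runs.

```php
<?php
declare(strict_types=1); // needs PHP 8.0+ (mixed type); array form of proc_open needs 7.4+

// Hypothetical converter path: the page does not say which command exec() runs.
const CONVERTER = '/usr/local/bin/subtitle-convert';

// Allow-list check. Assumption: a valid id is 1 to 10 decimal digits.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
function validate_id(mixed $raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[0-9]{1,10}\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Start the converter from an argv array. In this form PHP launches the
// program directly, with no shell, so shell metacharacters have no special meaning.
// The --id option is hypothetical.
function run_converter(string $id): array
{
    $spec = [1 => ['pipe', 'w'], 2 => ['redirect', 1]]; // stderr merged into stdout
    $proc = proc_open([CONVERTER, '--id', $id], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('converter could not be started');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['status' => proc_close($proc), 'output' => $output];
}

// Web entry point: reject input that fails validation before any process starts.
if (PHP_SAPI !== 'cli') {
    $id = validate_id($_GET['id'] ?? null);
    if ($id === null) {
        http_response_code(400);
        exit('invalid id');
    }
    $result = run_converter($id);
    http_response_code($result['status'] === 0 ? 200 : 500);
    header('Content-Type: text/plain; charset=utf-8');
    echo $result['status'] === 0 ? $result['output'] : 'conversion failed';
}
```

This covers only the injection path; the missing authentication described above needs its own access check in front of the handler.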
Affected Version(s)
language-system 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
