External risk intelligence

Guardian Language System Unauthenticated OS Command Injection via ID Parameter in translate.php

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-34107

The vulnerability exists in a web-based translation script reachable via a GET parameter. As a web application component that is intended to be accessed over the network without authentication, it is commonly deployed as an internet-facing endpoint.

OS Command Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory concerns a critical vulnerability in a language translation system that could allow unauthenticated attackers to execute arbitrary commands on the server. The issue stems from how the system handles user-provided input without proper checks, presenting a significant risk if the affected technology is in use. The main concern is confirming the relevance and exposure of this system within your environment.

  • Unauthenticated command execution in translation tool.
  • Potentially allows remote server compromise.
  • Confirm if this translation system is deployed.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can send a specially crafted request to the translate.php script. By appending shell commands to the `id` parameter, the attacker can trick the script into executing arbitrary operating system commands on the server.

  • No authentication or user interaction needed.
  • Appending shell commands to `id` parameter.
  • Arbitrary OS command execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated remote attacker to execute arbitrary operating system commands on the server. When supported by the advisory, this could affect system data and service behavior.

  • Server operating system commands.
  • Unsanitized GET parameter input.
  • Arbitrary command execution on server.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Guardian language-system's `translate.php` script contains a critical command injection vulnerability. This issue is likely the responsibility of the application owner or platform team, as it affects a web-facing component. The first step is to identify all instances of the affected technology, confirm its exposure and business criticality, and then plan remediation.

  • Application or platform teams own this.
  • Verify reachability and business criticality.
  • Plan remediation based on identified risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Guardian language-system?

The Guardian language-system is a software suite designed to automate text translation tasks. It includes web-based components, such as the translate.php script, which allow users to trigger translation jobs. Organizations typically deploy this system to process multilingual content, relying on its backend integration with server-side tools to handle language conversion requests.

What is the vulnerability in CVE-2026-34107?

This vulnerability is an OS Command Injection, classified as CWE-78. It occurs when a program takes user-provided data and incorporates it into a system command without cleaning or filtering it first. Because the translate.php script directly passes the id parameter to a shell execution function, an attacker can insert extra commands that the server will mistakenly run alongside the intended translation process.

How can an attacker trigger this command injection?

An attacker triggers this flaw by sending a specially crafted web request containing malicious shell characters within the id parameter of translate.php. The bug is triggered automatically whenever the script processes this unsanitized input. It is important to note that this requires no authentication, meaning the script does not need to verify who the user is to be tricked into executing unauthorized commands.

Why should I be concerned about this CVE?

According to Halo Surface Signal, this vulnerability is particularly concerning because it exists in a web-based translation script commonly deployed as an internet-facing endpoint. Because it is reachable over the network without requiring any authentication, it is highly accessible to remote attackers. If your instance is exposed to the internet, it faces a significant risk of unauthorized command execution.

What is the first step to address this issue?

The immediate priority is to locate all deployments of the Guardian language-system within your infrastructure to assess if they are reachable from untrusted networks. Once identified, evaluate the criticality of those instances to your operations. Coordinate with your application or platform teams to prioritize remediation and restrict access to the affected script until a fix can be applied.

References