Description
Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.
Published: 2026-03-30
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross‑Site Scripting (XSS)
Action: Apply Patch
AI Analysis

Impact

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross‑site scripting flaw in the /cgi‑bin/vpnmain.cgi script. The VPN_IP parameter is not properly sanitized, which allows an authenticated user to inject arbitrary JavaScript into VPN configuration settings. When other users view the affected page, the malicious script executes within their browsers, potentially exposing credentials or session data.

Affected Systems

The vulnerability affects all Smoothwall Express builds with a version number less than 3.1 Update 13, including releases 3.1 Update 0 through Update 12 and any older pre‑3.1 versions. System administrators should confirm the exact build in use and plan an update.

Risk and Exploitability

The flaw has a CVSS base score of 5.1, indicating moderate risk. The EPSS score is below 1 %, implying a low probability of exploitation. It is not listed in the CISA KEV catalog. An attacker must first authenticate to the management interface and possess permissions to modify VPN settings in order to inject malicious code; thus the threat requires insider or compromised‑user access rather than remote exploitation. Nonetheless, the stored XSS can lead to credential theft and session hijacking for other users viewing the vulnerable page.

Generated by OpenCVE AI on April 14, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Smoothwall Express 3.1 Update 13 or a newer version.
  • Restrict access to the VPN configuration interface so that only privileged users can edit the VPN_IP parameter.
  • If an immediate update is not possible, block or remove the vulnerable /cgi‑bin/vpnmain.cgi script from the production environment.

Generated by OpenCVE AI on April 14, 2026 at 17:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Smoothwall smoothwall Express
CPEs cpe:2.3:o:smoothwall:smoothwall_express:*:*:*:*:*:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update10:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update11:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update12:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update1:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update2:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update3:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update4:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update5:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update6:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update7:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update8:*:*:-:*:*:*
cpe:2.3:o:smoothwall:smoothwall_express:3.1:update9:*:*:-:*:*:*
Vendors & Products Smoothwall smoothwall Express

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Smoothwall
Smoothwall express
Vendors & Products Smoothwall
Smoothwall express

Mon, 30 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 17:00:00 +0000

Type Values Removed Values Added
Description Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.
Title Smoothwall Express < 3.1 Update 13 Stored XSS in vpnmain.cgi via VPN_IP Parameter
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Smoothwall Express Smoothwall Express
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T18:09:05.294Z

Reserved: 2026-02-13T17:28:43.057Z

Link: CVE-2026-26352

cve-icon Vulnrichment

Updated: 2026-03-30T18:08:53.779Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T17:16:14.363

Modified: 2026-04-14T16:34:30.427

Link: CVE-2026-26352

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:45:09Z

Weaknesses