Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac.php (line 18) without sanitization: exec("php jobs/speech_audio_mac.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Guardian language‑system allows an attacker to insert shell metacharacters into the id GET parameter of speechmac.php. The value is concatenated directly into a PHP exec() call, permitting arbitrary OS commands to be executed on the host. Because the endpoint is publicly reachable and requires no authentication, any remote user can trigger this insertion and gain full control of the system, exposing all data and potentially enabling further lateral movement.

Affected Systems

The vulnerable component is Guardian language‑system. No specific affected versions are listed in the CNA data, so all current releases of this product may be at risk.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a simple unauthenticated HTTP request to speechmac.php, making exploitation straightforward for anyone who can reach the exposed endpoint.

Generated by OpenCVE AI on July 2, 2026 at 13:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑provided patch or upgrade to a fixed release of Guardian language‑system.
  • Restrict access to speechmac.php and validate or whitelist the id parameter to prevent command injection.
  • Deploy a web application firewall or input filtering to block malicious characters and patterns before they reach the application.

Generated by OpenCVE AI on July 2, 2026 at 13:19 UTC.
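
One way to implement the id validation recommended above, shown as an added example; it is not the vendor's code or a fix taken from the advisory. It assumes id is a short positive integer and that the session value is held in a hypothetical `$_SESSION['login_session']` key; the trailing arguments elided as "..." in the description are not reproduced.

```php
<?php
declare(strict_types=1);

// Assumption: id is a positive integer of at most 9 digits; adapt to the real format.
function parse_job_id($raw): ?int
{
    // Rejects arrays (?id[]=1), empty values, leading zeros, whitespace and
    // every shell metacharacter, because only ASCII digits can match.
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Builds an argument vector instead of a command string, so no shell parses the values.
function build_job_argv(string $session, int $id): array
{
    // Assumption: session tokens are short and alphanumeric.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $session) !== 1) {
        throw new InvalidArgumentException('unexpected session value');
    }
    // The remaining arguments are elided ("...") in the advisory and are left out here.
    return ['php', __DIR__ . '/jobs/speech_audio_mac.php', $session, (string) $id];
}

// proc_open() with an array command (PHP 7.4+) starts the program without a shell.
function run_job(array $argv): int
{
    $io = [0 => ['file', '/dev/null', 'r'], 1 => ['file', '/dev/null', 'w'],
           2 => ['file', '/dev/null', 'w']];
    $proc = proc_open($argv, $io, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start job');
    }
    return proc_close($proc);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $session = $_SESSION['login_session'] ?? null; // hypothetical session key
    if (!is_string($session)) { http_response_code(401); exit; }
    $id = parse_job_id($_GET['id'] ?? null);
    if ($id === null) { http_response_code(400); exit; }
    run_job(build_job_argv($session, $id));
} else {
    // Constructed sample inputs: only the first one is accepted.
    foreach (['42', '042', '7;x', "12\n", '', ['1']] as $sample) {
        echo json_encode($sample), ' => ', var_export(parse_job_id($sample), true), PHP_EOL;
    }
}
```

Run from the command line, the script prints the validation result for each constructed sample; under a web SAPI it answers 401 without a session and 400 for any id that is not a plain integer.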

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description Guardian language-system passes the id GET parameter directly into a PHP exec() call in speechmac.php (line 18) without sanitization: exec("php jobs/speech_audio_mac.php ".$login_session." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
Title Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php
Weaknesses CWE-78
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T17:36:47.407Z

Reserved: 2026-03-25T18:43:09.827Z

Link: CVE-2026-34112

Vulnrichment

Updated: 2026-07-01T17:36:44.530Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T13:30:05Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')