Severity: CRITICAL | CVE-2026-34102 | CNA: VulnCheck

CVE-2026-34102: Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
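
An added example (not code from the Guardian language-system project or from this advisory) showing the concatenated query pattern quoted above beside a parameterized equivalent. The schema, function names and sample rows are constructed, and PDO with an in-memory SQLite database stands in for the application's real database driver, which the advisory does not name.

```php
<?php
// Added example: hypothetical reconstruction, not the project's source.
// Only the query text comes from the advisory; the table layout, function
// names and sample rows below are constructed for illustration.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE jobs (input1 TEXT, title TEXT)");
$pdo->exec("INSERT INTO jobs VALUES ('101', 'Translate manual'), ('102', 'Proofread contract')");

// Pattern described in the advisory: the request value is spliced into the
// SQL text, so a quote character in it changes the structure of the query.
function job_info_concat(PDO $pdo, string $id): array
{
    $sql = "SELECT * FROM jobs where input1 = '" . $id . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is constant and the value is bound as data,
// so quote characters are compared literally against input1.
function job_info_bound(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare('SELECT * FROM jobs WHERE input1 = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary id and one that contains quote characters.
$inputs = ['101', "101' OR '1'='1"];
foreach ($inputs as $id) {
    printf(
        "%-16s concat=%d row(s)  bound=%d row(s)\n",
        $id,
        count(job_info_concat($pdo, $id)),
        count(job_info_bound($pdo, $id))
    );
}
```

Error-based extraction depends on database error text reaching the HTTP response, so the hardened handler should also log query errors server-side rather than return them to the client.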

Metrics

  • CVSS v4.0: 9.3
  • Severity: CRITICAL
  • Fixed in: none published
  • Affected Products: 1


HarborGuard Analysis

Synopsis

An unauthenticated SQL injection vulnerability exists in Guardian language-system, in the job_info_get.php script, where the id GET parameter is passed directly into a SQL query without sanitization. Per the CVSS v4.0 vector (AV:N, PR:N, UI:N), the vulnerability is reachable over the network and requires no authentication or user interaction. Successful exploitation gives an attacker full read and write access to the underlying database, including all stored records, and can disrupt service availability. HarborGuard tracks this advisory for patch availability, as no fix version has been published upstream.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle Guardian language-system at or below commit e42c395ec4b03fe62973a669c9209a673838b8a4. Any image in a connected registry or CI pipeline flagged as running an affected version is surfaced immediately.

Status: Available

Triage

HarborGuard is capable of scoring this finding at CVSS 9.3 (Critical) and weighting it against each customer organization's compliance policy to determine urgency and escalation path. Triage routing can direct the alert to the appropriate team inbox within each org based on image ownership and policy configuration.

Status: Available

Patch

Because no upstream fix has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix version is released upstream. In the interim, customers with policy controls enabled can apply compensating controls such as network-policy isolation around affected workloads.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint job_info_get.php is exposed over the network, so an attacker must be able to reach the service via HTTP/HTTPS from a remote network position.

  • Authentication: Not required

    The CVSS v4.0 vector specifies PR:N, meaning no account or credential of any privilege level is needed to exploit the injection. Note that the description's reference to an authenticated attacker appears inconsistent with this vector.

  • Victim interaction: Not required

    The CVSS v4.0 vector specifies UI:N, so the attacker can trigger the injection by sending a crafted HTTP request directly, with no action required from any user of the application.

  • Attack complexity: Detail

    The CVSS v4.0 vector specifies AC:L, meaning the exploit is reliable and requires no special timing, race conditions, or environmental prerequisites beyond network access to the endpoint.

Blast Radius

  • An attacker can read the full contents of the jobs database table and any other table reachable via the injection, exposing all stored application records.
  • An attacker can write or modify database rows, allowing manipulation of job listings, user data, or any other persisted content.
  • The attack can disrupt availability of the database layer, causing service outages for the affected application.
  • Because no scope change is indicated (SC:N), impact is confined to the vulnerable system itself, but full compromise of that system's data store is achievable.

How HarborGuard Handles This

Available on HarborGuard: because no fix version exists for CVE-2026-34102 at this time, HarborGuard continuously monitors the upstream advisory and re-evaluates affected images on every ingest cycle. The moment a patched version is published by the Guardian language-system project, a rebuilt image becomes available, and customers with auto-remediation enabled will automatically receive a rebuild, a regression-test run, and a PR opened against affected workloads. While no patch exists, customers running affected images can apply compensating controls such as enforcing network policy to restrict inbound access to the job_info_get.php endpoint, adding a web application firewall rule to block unsanitized id parameter values, or disabling the endpoint entirely if the functionality is not required. This CVE is scored Critical (9.3) so it surfaces at the top of the HarborGuard findings queue and can be routed to the appropriate team based on each organization's compliance policy configuration.

Affected packages
  • guardian / language-system
    ≤ e42c395ec4b03fe62973a669c9209a673838b8a4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N