CVE-2026-34104: Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents.
Metrics
- CVSS v4.0: 9.3
- Severity: CRITICAL
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An unauthenticated SQL injection vulnerability exists in Guardian language-system, affecting all versions up to and including commit e42c395ec4b03fe62973a669c9209a673838b8a4. The flaw is reachable over the network with no credentials required, as the name GET parameter in designer.php is passed directly into a SQL query without sanitization. Successful exploitation gives an attacker read and write access to the underlying database, and can also disrupt service availability. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment upstream publishes a fix.
HarborGuard Coverage
Detection of CVE-2026-34104 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images derived from affected versions of guardian/language-system. Any image found to carry the vulnerable commit range is flagged immediately in the customer registry and pipeline scan results.
Available
HarborGuard scores this finding at CVSS 9.3 Critical and weights it against each environment's configured compliance policy to determine urgency and routing. The finding is surfaced to the team inbox or ticketing integration configured for the affected workload, ensuring the right engineers see it without manual triage overhead.
Available
Because no upstream fix has been published for CVE-2026-34104, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix version is released. Until then, customers with auto-remediation enabled will receive compensating-control recommendations, such as network-policy isolation of the affected workload and egress filtering on database connections, surfaced directly in the remediation workflow.
Pending upstream
Exploit Conditions
- Network reachability: Required
The vulnerable designer.php endpoint is exposed over the network, so an attacker must be able to send HTTP requests to the host.
- Authentication: Not required
No credentials are needed; the CVSS vector specifies PR:N, meaning any anonymous HTTP request can trigger the injection. Note: the description mentions 'authenticated attacker' but the CVSS vector (PR:N) authoritatively indicates no authentication is required to exploit this vector.
- Victim interaction: Not required
No user action or social engineering is needed; the attacker sends a crafted request directly to the endpoint.
- Attack complexity: Detail
Attack complexity is Low (AC:L), meaning the exploit is reliable and requires no special timing, race conditions, or environmental setup beyond network access to the service.
Blast Radius
- Reads all data stored in the database, including credentials, session tokens, and any application records.
- Modifies or deletes persisted database rows, allowing an attacker to tamper with application data or destroy records entirely.
- Crashes or degrades the database service, taking down dependent application functionality.
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-34104 is being actively monitored across all customer environments where guardian/language-system images are present. Because no upstream fix exists at this time, HarborGuard re-checks the advisory on every ingest cycle and will trigger an automatic patched-image rebuild and, for customers with auto-remediation enabled, a regression-test run and a PR opened against affected workloads as soon as a fix version is published. In the interim, HarborGuard surfaces compensating-control guidance directly in the triage workflow: recommended mitigations include restricting network-policy access to the designer.php endpoint, placing the affected service behind an authenticated reverse proxy or WAF rule that blocks unsanitized query strings, and applying egress filtering on database connections to limit lateral movement if the host is compromised. Where compliance policy permits, these recommendations can be promoted to automated enforcement actions within the HarborGuard remediation pipeline.
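The interim filtering idea above can also be applied to web-server access logs. The following is an added example, not HarborGuard's or the project's code: it flags requests to designer.php whose name value falls outside an allow-list. The allow-list pattern, the Combined Log Format layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate name values are short and limited to these characters.
# Tune this to the values your deployment actually uses.
SAFE_NAME = re.compile(r"[A-Za-z0-9 _.-]{1,64}")

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_name_values(log_line):
    """Return decoded name values of a designer.php request that fail the allow-list."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if "designer.php" not in url.path.lower():
        return []
    # parse_qs percent-decodes once, so a doubly encoded quote (%2527) is left
    # as "%27" and still fails the allow-list because of the "%".
    values = parse_qs(url.query).get("name", [])
    return [v for v in values if not SAFE_NAME.fullmatch(v)]

def scan(lines):
    """Return (line number, client address, offending values) for each flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_name_values(line)
        if bad:
            hits.append((number, line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /designer.php?name=tower_a HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /designer.php?name=tower_a%27 HTTP/1.1" 500 87',
    '203.0.113.9 - - [01/Jan/2026:10:00:06 +0000] "GET /designer.php?id=3&name=a%2527 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2026:10:00:09 +0000] "GET /index.php?name=x%27 HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for number, client, bad in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent name={bad!r}")
```

An allow-list on the decoded value is a compensating control for triage and blocking only; the query in designer.php remains injectable until it is parameterized.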
- guardian / language-system ≤ e42c395ec4b03fe62973a669c9209a673838b8a4
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N