CVE-2026-34109
CRITICAL
NVD
CVSS Score
9.8
Severity
CRITICAL
Published
Jul 01, 2026
Vendor
unknown
Description
Guardian language-system passes the id GET parameter directly into a PHP exec() call in speech.php (line 18) without sanitization: exec(\"php jobs/speech_audio.php \".$login_session.\" \".$_GET['id'].\" ...\"). No authentication is required. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.