Wasteland.
⚡ Active KEV CVE-2026-34105 2026-07-01

CVE-2026-34105: Critical SQL Injection in Guardian language-system

"A critical SQL injection flaw in Guardian's language-system lets an attacker inject arbitrary SQL through the `id` parameter of `translate_text.php`, exposing the backend database."

What Is It

CVE-2026-34105 is an SQL injection vulnerability (CWE-89) in the Guardian language-system web application. In translate_text.php (line 15), the id GET parameter is passed directly into an unsanitized SQL query:

SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'

Because the input is concatenated without sanitization, an attacker can perform error-based SQL injection to extract database contents. The flaw is exploitable without authentication: the CVSS vector specifies no privileges required (PR:N), and the VulnCheck advisory characterizes the injection as unauthenticated.
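The same lookup with the id bound as a parameter instead of concatenated, as an added example that is not Guardian's code or a vendor patch. It assumes PDO with an in-memory SQLite table constructed for the demo, integer ids, and hypothetical helper names (make_demo_db, find_file).

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database: an in-memory SQLite
// table with the four columns named in the vulnerable query.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, filename TEXT, extension TEXT, type TEXT)');
    $pdo->exec("INSERT INTO files VALUES (1, 'welcome', 'txt', 'text'), (2, 'strings', 'po', 'catalog')");
    return $pdo;
}

// Hypothetical helper: fetches one row with the id bound as a parameter,
// so the value is never parsed as part of the SQL statement.
function find_file(PDO $pdo, mixed $rawId): ?array
{
    // Assumption: ids are positive integers. Strings with quotes, empty
    // values and array-valued parameters (id[]=...) are rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        $stmt = $pdo->prepare('SELECT id, filename, extension, type FROM files WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Log server-side only: database error text returned to the client
        // is what error-based extraction depends on.
        error_log('files lookup failed: ' . $e->getMessage());
        return null;
    }
}

$pdo = make_demo_db();
// Constructed inputs standing in for $_GET['id'].
foreach (['2', "2'", "1' OR '1'='1", '', ['1'], '99'] as $input) {
    $row = find_file($pdo, $input);
    printf("%-18s => %s\n", json_encode($input), $row ? $row['filename'] : 'rejected / not found');
}
```

Only the input '2' returns a row; every other constructed input is rejected by validation or matches nothing, and no database error text reaches the output.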

Why It Matters

NVD assigns a CVSS 3.1 base score of 9.8 (CRITICAL) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network-exploitable, low complexity, no privileges or user interaction required, and high confidentiality, integrity, and availability impact. A parallel CVSS 4.0 score of 9.3 (CRITICAL) is also provided. Successful exploitation allows extraction of database contents, exposing potentially sensitive stored data.

What's Vulnerable

Patch Status

No CISA KEV entry was supplied for this CVE, so there is no evidence of confirmed active exploitation and no KEV-mandated remediation action in the provided data. The NVD record lists a vulnerability status of "Deferred" and includes a VulnCheck advisory but no fixed-version or patch reference in the supplied source material. Organizations running the affected code should consult the vendor repository and the VulnCheck advisory below for remediation guidance.

Sources