Security Advisory - Published 2026-07-06 - PHP / Database App

Guardian language-system batch: remove public exposure, preserve logs, and check database changes

This July batch covers several Guardian language-system issues in public PHP paths. Treat any internet-facing deployment as urgent until the app is isolated, logs are preserved, and the database has been reviewed.

Defensive scope: check systems you own or are approved to repair. This page stays on exposure review, logs, patching, and compromise indicators.

Affected CVEs in this batch

CVEProductAffectedReviewCVSS
CVE-2026-34099Guardian language-systempublic PHP appjob information lookup9.8
CVE-2026-34100Guardian language-systempublic PHP appmedia lookup9.8
CVE-2026-34101Guardian language-systempublic PHP apptext file lookup9.8
CVE-2026-34102Guardian language-systempublic PHP appjob input lookup9.8
CVE-2026-34103Guardian language-systempublic PHP appsubtitle lookup9.8
CVE-2026-34104Guardian language-systempublic PHP appdesigner lookup9.8
CVE-2026-34105Guardian language-systempublic PHP apptranslation lookup9.8
CVE-2026-34106Guardian language-systempublic PHP appsubtitle rendering job9.8

What to check

  • Whether Guardian language-system is reachable from the public internet, a staging subdomain, or shared hosting.
  • Web server access logs around job, media, text, subtitle, designer, and translation pages.
  • Database query errors, unexpected record changes, new files, and job activity during the exposure window.
  • Scheduler or worker logs if subtitle or file-processing jobs are enabled.

Safe fix path

  1. Move the app behind authentication or take it offline before doing cleanup.
  2. Preserve access logs, error logs, database logs, and a filesystem snapshot before making changes.
  3. Apply vendor remediation when available, or patch the affected code paths with parameterized database access and strict command handling.
  4. Rotate database credentials and app secrets if database or job integrity is uncertain.

Compromise indicators

  • Repeated requests to public lookup or processing pages with unusual input length or encoding.
  • Unexpected database errors, changed translation records, changed job records, or new file records.
  • New files, changed job output, or worker activity that does not match normal translation usage.
  • Credentials or configuration files accessed during the same window.

When to ask Ping7 for repair

Use Ping7 CVE Repair when the app was public, database integrity is unclear, worker jobs may have run unexpectedly, or you need cleanup without losing evidence.

References