Critical Remote Code Execution Vulnerability CVE-2026-44257 Disclosed in efwGrp efw4.X Firewall Products

A critical vulnerability, identified as CVE-2026-44257, has been disclosed affecting efwGrp efw4.X versions prior to 4.08.010. The flaw enables remote, unauthenticated command execution through a combination of crafted zip file uploads and path traversal techniques. Security researchers at OffSeq flagged the vulnerability under CWE-77 (improper neutralization of special elements used in a command), signaling severe risk to exposed deployments. Organizations running affected versions are urged to update to version 4.08.010 immediately.

The vulnerability in efwGrp's efw4.X product line leverages insufficient input validation during zip archive processing, allowing attackers to manipulate file paths and overwrite system components without authentication credentials. Path traversal sequences embedded in malicious archives can bypass directory restrictions, facilitating arbitrary command execution at the operating system level. This class of vulnerability is particularly dangerous in network perimeter devices such as firewalls, where successful exploitation could grant attackers persistent access to internal infrastructure.

The disclosure, surfaced via the OffSeq threat intelligence platform, underscores ongoing risks in embedded security appliances where web management interfaces or upload mechanisms frequently become attack vectors. Given the unauthenticated nature of the exploit and the device class in question, internet-facing efwGrp deployments face elevated risk of targeted compromise. Administrators should verify current firmware versions, restrict management interface exposure, and monitor for Indicators of Compromise associated with zip processing anomalies until patching is confirmed.