CVE-2026-4315 WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI

A Cross-Site Request Forgery CSRF vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service DoS condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11....

CVE-2026-4266 WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1...

CVE-2026-3344

Watching WatchGuard Fireware OS has a vulnerability (CVE-2026-3344) that allows bypassing the filesystem integrity check and maintaining limited persistence via a maliciously-crafted firmware update package. Affected versions are: Fireware OS 12.0–12.11.7, 12.5.9–12.5.16, and 2025.1–2026.1.1. The...

CVE-2026-3342

Technical details about CVE-2026-3342 are not provided in the supplied documents. Monitor for updates from WatchGuard advisory; no public details on affected firmware behavior, exploit methods, or fixes are disclosed here.

CVE-2026-3342

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...

PT-2026-22732

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.9 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.7 WatchGuard Fireware OS versions 2025.1 through 2026.1.1 Description An Out-of-bounds Write vulnerability exists in WatchGuard...

Exploit for Out-of-bounds Write in Watchguard Fireware

CVE-2025-14733 — WatchGuard Firebox iked Out-of-Bounds Write A...

CVE-2026-1498

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

EUVD-2026-5033

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...

PT-2026-5396

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 12.0 through 12.11.6 WatchGuard Fireware OS versions 12.5 through 12.5.15 WatchGuard Fireware OS versions 2025.1 through 2026.0 Description A flaw exists in WatchGuard Fireware OS that could allow a remote,...

CVE-2025-1071

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.This issue affects Firewa...

CVE-2025-1547

A stack-based buffer overflow vulnerability CWE-121 in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through...

CVE-2025-14733

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

CVE-2025-14733

WatchGuard Fireware OS is affected by CVE-2025-14733 (Out-of-bounds Write in the iked process) that enables remote unauthenticated code execution when Mobile User VPN (IKEv2) or Branch Office VPN (IKEv2) is configured with a dynamic gateway peer. Affected versions include Fireware OS 11.10.2–11.1...

EUVD-2025-204437

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability...

CVE-2025-13937

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025...

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

CVE-2025-12195

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includi...

EUVD-2025-201301

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Autotask Technology Integration module allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

CVE-2025-13940

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...