71 matches found
EUVD-2026-41457
A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...
CVE-2026-13373
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13936. This issue affects Fireware O...
CVE-2026-13084
A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...
CVE-2026-13053
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025....
CVE-2026-8247
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1 up to and...
CVE-2026-8247 WatchGuard Firebox admd Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025.1 up to and...
CVE-2026-13084
A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...
CVE-2026-13084 Null Pointer Dereference in WatchGuard Fireware OS iked Process
A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service DoS condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using...
CVE-2026-13375
WatchGuard Fireware OS Autotask Technology Integration module is affected by CVE-2026-13375, a Stored XSS vulnerability. Affected versions are Fireware OS 12.4–12.12, 12.5–12.5.18, and 2025.1–2026.2. Attack vector is NETWORK with low attack complexity and high privileges required; user interactio...
PT-2026-55323
Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.0 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.12 WatchGuard Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write issue exists in the CLI, where an...
PT-2026-55332
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...
PT-2026-55330
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Firewar...
PT-2026-55334
Name of the Vulnerable Software and Affected Versions Fireware OS versions 12.1 through 12.12 Fireware OS versions 2025.1 through 2026.2 Description An Out-of-bounds Write occurs in the ikestubd process, which may allow an authenticated privileged user to execute arbitrary code by sending special...
WatchGuard Fireware OS 安全漏洞
WatchGuard Fireware OS is a software operated by the American company WatchGuard, running on Firebox devices. Versions 12.1 to 12.11.8 and 2025.1 to 2026.1.2 of WatchGuard Fireware OS contain security vulnerabilities due to insecure deserialization, which may allow arbitrary code to be executed i...
CVE-2026-3342
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...
EUVD-2026-9288
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...
CVE-2026-3342 WatchGuard Firebox Out of Bounds Write Vulnerability
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...
PT-2026-22734
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
WatchGuard Fireware OS 安全漏洞
WatchGuard Fireware OS is a software operated by the American company WatchGuard, running on Firebox devices. Vulnerabilities exist in versions 11.9 to 11.12.4Update1, 12.0 to 12.11.7, and 2025.1 to 2026.1.1 of WatchGuard Fireware OS. These vulnerabilities stem from out-of-bound writing, allowing...
CVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...