PT-2026-29022 · Watchguard · Watchguard Fireware+2
Btaol
·
Publicado
2026-03-30
·
Atualizado
2026-03-30
·
CVE-2026-4266
CVSS v4.0
8.4
Alta
| Vetor | AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WatchGuard Fireware OS versions 12.1 through 12.11.8
WatchGuard Fireware OS versions 2025.1 through 2026.1.2
Description
An Insecure Deserialization issue exists in WatchGuard Fireware OS. An attacker gaining write access to the local filesystem through a separate issue can execute arbitrary code as the 'portald' user. This vulnerability does not affect Firebox platforms lacking the Access Portal feature, such as the T-15 and T-35 models.
Recommendations
Update WatchGuard Fireware OS to a version later than 12.11.8.
Update WatchGuard Fireware OS to a version later than 2026.1.2.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Firebox T-15
Firebox T-35
Watchguard Fireware