PT-2026-29022 · Watchguard · Watchguard Fireware+2
Btaol
·
Published
2026-03-30
·
Updated
2026-03-30
·
CVE-2026-4266
CVSS v4.0
8.4
High
| Vector | AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
WatchGuard Fireware OS versions 12.1 through 12.11.8
WatchGuard Fireware OS versions 2025.1 through 2026.1.2
Description
An Insecure Deserialization issue exists in WatchGuard Fireware OS. An attacker gaining write access to the local filesystem through a separate issue can execute arbitrary code as the 'portald' user. This vulnerability does not affect Firebox platforms lacking the Access Portal feature, such as the T-15 and T-35 models.
Recommendations
Update WatchGuard Fireware OS to a version later than 12.11.8.
Update WatchGuard Fireware OS to a version later than 2026.1.2.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firebox T-15
Firebox T-35
Watchguard Fireware