PT-2026-55326 · Watchguard · Fireware Os
Published
2026-07-02
·
Updated
2026-07-03
·
CVE-2026-13084
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.
This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4 Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fireware Os