8.4
CVE-2026-4266
- EPSS 0.29%
- Veröffentlicht 30.03.2026 12:38:01
- Zuletzt bearbeitet 30.03.2026 13:26:07
- Quelle 5d1c2695-1a31-4499-88ae-e84703
- CVE-Watchlists
- Unerledigt
WatchGuard Firebox Insecure Deserialization in Fireware Access Portal
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerWatchGuard
≫
Produkt
Fireware OS
Default Statusunaffected
Version <=
12.11.8
Version
12.1
Status
affected
Version <=
2026.1.2
Version
2025.1
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.201 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 5d1c2695-1a31-4499-88ae-e847036fd7e3 | 8.4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007