An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
History

Mon, 06 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 02 Jul 2026 23:30:00 +0000

Type Values Removed Values Added
Description An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.
Title WatchGuard Firebox wgagent Out of Bounds Write Vulnerability
First Time appeared Watchguard
Watchguard fireware Os
Weaknesses CWE-787
CPEs cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.1
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1
Vendors & Products Watchguard
Watchguard fireware Os
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published: 2026-07-02T23:05:59.971Z

Updated: 2026-07-07T03:56:37.194Z

Reserved: 2026-06-25T22:44:10.384Z

Link: CVE-2026-13384

cve-icon Vulnrichment

Updated: 2026-07-06T14:32:53.936Z

cve-icon NVD

No data.

cve-icon Redhat

No data.