Watchguard CVEs & Vulnerabilities

8 CVEs affecting Watchguard products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

agent 5firebox t20 3firebox m5800 3firebox t125 3firebox m470 3firebox m695 3firebox t70 3firebox t115-w 3
CVE-2026-6788HIGH

Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.

6 May 2026
7.8
CVSS
CVE-2026-6787HIGH

Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.

6 May 2026
7.8
CVSS
CVE-2026-41288HIGH

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.

6 May 2026
7.8
CVSS
CVE-2026-41286MEDIUM

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

6 May 2026
6.5
CVSS
CVE-2026-41287MEDIUM

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

6 May 2026
6.5
CVSS
CVE-2026-3344MEDIUM

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.

3 Mar 2026
4.9
CVSS
CVE-2026-3343MEDIUM

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

3 Mar 2026
6.1
CVSS
CVE-2026-3342HIGH

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

3 Mar 2026
7.2
CVSS
← PrevPage 1 / 1Next →