WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware...

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.

Basic Information

ID CVE-2026-3987

Source WatchGuard

Published Apr 1, 2026 at 21:32

Modified Apr 3, 2026 at 03:55

Affected Product

Vendor WatchGuard

Product Fireware OS

Version 12.6.1

Affected Versions WatchGuard Fireware OS 12.6.1
WatchGuard Fireware OS 2025.1

CWE Classification

CWE-22

References

www.watchguard.com /wgrd-psirt/advisory/wgsa-2026-00009

{
    "lastseen": "",
    "description": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.",
    "published": "2026-04-01T21:32:30.426Z",
    "modified": "2026-04-03T03:55:30.681Z",
    "type": "cve",
    "title": "WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI",
    "source": "WatchGuard",
    "references": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009",
    "id": "CVE-2026-3987",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "WatchGuard Fireware OS 12.6.1\nWatchGuard Fireware OS 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fireware OS",
    "version": "12.6.1",
    "vendor": "WatchGuard",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI_CVE-2026-3987