WatchGuard Firebox Insecure Deserialization in Fireware Access Portal_CVE-2026-4266

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.

Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

Basic Information

ID CVE-2026-4266

Source WatchGuard

Published Mar 30, 2026 at 12:38

Modified Mar 31, 2026 at 03:55

Affected Product

Vendor WatchGuard

Product Fireware OS

Version 12.1

Affected Versions WatchGuard Fireware OS 12.1
WatchGuard Fireware OS 2025.1

CWE Classification

CWE-502

References

www.watchguard.com /wgrd-psirt/advisory/wgsa-2026-00007

{
    "lastseen": "",
    "description": "An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.\n\nNote, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.",
    "published": "2026-03-30T12:38:01.593Z",
    "modified": "2026-03-31T03:55:35.825Z",
    "type": "cve",
    "title": "WatchGuard Firebox Insecure Deserialization in Fireware Access Portal",
    "source": "WatchGuard",
    "references": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007",
    "id": "CVE-2026-4266",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "WatchGuard Fireware OS 12.1\nWatchGuard Fireware OS 2025.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fireware OS",
    "version": "12.1",
    "vendor": "WatchGuard",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}