CVE-2026-1498

216.73.216.6

· Published 30/01/2026 13:15 · Modified 30/01/2026 13:15

Labels: CVE-2026-1498 2026-01-30 5d1c2695-1a31-4499-88ae-e847036fd7e3 CVE-2026-1498 CWE-90

Essential information

Published: 30/01/2026 13:15
Modified: 30/01/2026 13:15
Author: —
Creator: —
CVSS: 7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
NVD: View on NVD

Affected products (CPE)

Product	CPE
watchguard / fireware os	`cpe:2.3:a:watchguard:fireware_os:12.0-12.11.6:::::::*`
watchguard / fireware os	`cpe:2.3:a:watchguard:fireware_os:12.5-12.5.15:::::::*`
watchguard / fireware os	`cpe:2.3:a:watchguard:fireware_os:2025.1-2026.0:::::::*`