CVE-2026-4266

216.73.217.22

· Published 30/03/2026 13:16 · Modified 30/03/2026 13:26

Labels: CVE-2026-4266 2026-03-30 5d1c2695-1a31-4499-88ae-e847036fd7e3 CVE-2026-4266 CWE-502

Essential information

Published: 30/03/2026 13:16
Modified: 30/03/2026 13:26
Author: —
Creator: —
CVSS: 8.4 HIGH (v3) 8.4 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3
NVD: View on NVD

Affected products (CPE)

Product	CPE
watchguard / fireware os	`cpe:2.3:a:watchguard:fireware_os:12.1-12.11.8:::::::*`
watchguard / fireware os	`cpe:2.3:a:watchguard:fireware_os:2025.1-2026.1.2:::::::*`