CVE-2026-4266
HIGHWatchGuard Firebox Insecure Deserialization in Fireware Access Portal
Title source: cnaDescription
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007
Scores
CVSS v4
8.4
EPSS
0.0029
EPSS Percentile
20.1%
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (2)
WatchGuard/Fireware OS
12.1 - 12.11.8
WatchGuard/Fireware OS
2025.1 - 2026.1.2
Published
Mar 30, 2026
Tracked Since
Mar 30, 2026