Description
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process. This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.
Published: 2026-04-01
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A path traversal flaw in the Fireware OS Web UI can be leveraged by an authenticated user with privileged permissions to overwrite arbitrary files on the device. This vulnerability enables the execution of code within the context of an elevated system process, providing the attacker with full control of the firewall. The CVE description explicitly states the potential for arbitrary code execution, while the broader impacts on confidentiality, integrity, and availability are inferred based on the nature of the code execution flaw.

Affected Systems

WatchGuard Fireware OS installations on Firebox devices, including all releases from version 12.6.1 through 12.11.8 and from 2025.1 through 2026.1.2.

Risk and Exploitability

The CVSS base score of 8.6 indicates a high severity vulnerability. Exploit probability data from EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. The flaw requires remote access to the Web UI and valid credentials with elevated privileges, so the attack vector is remote and authenticated. Once an attacker authenticates, they can exploit the path traversal to place malicious files that the system process will execute.

Generated by OpenCVE AI on April 2, 2026 at 05:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Fireware OS firmware update that includes the fix (versions newer than 12.11.8 or 2026.1.2).
  • Verify the firmware update by checking the system’s version information.
  • Restrict access to the Web UI to trusted internal networks and enforce strong authentication.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 23:45:00 +0000

Type | Values Removed | Values Added
Description | | A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process. This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.
Title | | WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
First Time appeared | | Watchguard; Watchguard fireware Os
Weaknesses | | CWE-22
CPEs | | cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.6.1; cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1
Vendors & Products | | Watchguard; Watchguard fireware Os
References | |
Metrics | | cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-04-03T03:55:30.681Z

Reserved: 2026-03-11T15:01:46.222Z

Link: CVE-2026-3987

Vulnrichment

Updated: 2026-04-02T13:29:22.158Z

NVD

Status: Awaiting Analysis

Published: 2026-04-01T22:16:21.350

Modified: 2026-04-03T16:10:52.680

Link: CVE-2026-3987

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T20:16:08Z
