Description
Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
Published: 2026-05-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WatchGuard Agent contains a stack‑based buffer overflow that can be triggered in its discovery service on Windows, leading the agent service to crash. This flaw creates a denial of service without requiring authentication, allowing a local network attacker to interrupt service availability. The weakness is a missing bounds check that allows a malicious packet to overflow the stack, classified as CWE‑121.

Affected Systems

Vendors affected are WatchGuard. The only product identified is the WatchGuard Agent, operating on Windows. No specific version ranges are listed, but all releases of the agent susceptible to the flaw could be impacted.

Risk and Exploitability

With a CVSS score of 7.1 the vulnerability is rated medium‑high severity. No EPSS data is supplied, so the likelihood of exploitation is unknown. The flaw is local‑network bound; an unauthenticated user on the same LAN can craft a request to overflow the buffer. Because the exploit results in a crash rather than code execution, it does not compromise confidentiality or integrity, only disrupts availability. The vulnerability is not currently listed in the CISA KEV catalog, suggesting no publicly known widespread exploitation as of the latest data.

Generated by OpenCVE AI on May 6, 2026 at 15:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the WatchGuard PSIRT advisory and vendor website for a patch or updated agent release that addresses the buffer overflow.
  • If a patch is not immediately available, disable or uninstall the WatchGuard Agent service to prevent crashes from local requests.
  • Configure network perimeter controls to block untrusted local traffic to the agent’s discovery port and monitor the Windows event logs for repeated crash events.
  • Once a patch is issued, validate the update on a test environment before deploying to production.

Generated by OpenCVE AI on May 6, 2026 at 15:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 14:30:00 +0000

Type Values Removed Values Added
Description Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
Title Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A
First Time appeared Watchguard
Watchguard single Watchguard Agent
Weaknesses CWE-121
CPEs cpe:2.3:a:watchguard:single_watchguard_agent:*:*:*:*:*:*:*:*
Vendors & Products Watchguard
Watchguard single Watchguard Agent
References
Metrics cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Single Watchguard Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-05-06T14:49:34.423Z

Reserved: 2026-04-20T09:57:56.546Z

Link: CVE-2026-41287

cve-icon Vulnrichment

Updated: 2026-05-06T14:49:29.433Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T15:16:10.767

Modified: 2026-05-06T19:07:58.693

Link: CVE-2026-41287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T20:15:15Z

Weaknesses