Description
Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.
Published: 2026-05-06
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The WatchGuard Agent on Windows contains an incorrect permission assignment in its patch management component that allows an authenticated local user to elevate privileges to NT AUTHORITY\\SYSTEM. This privilege escalation flaw is identified as CWE‑732. An attacker who can authenticate locally can gain full system control, compromising the confidentiality, integrity, and availability of the affected system.

Affected Systems

The vulnerability affects installations of the WatchGuard Agent on Windows. No specific product versions are listed in the advisory, so all versions of the agent that include the vulnerable patch management component are potentially impacted.

Risk and Exploitability

The CVSS score of 7.3 labels the flaw as high severity. The EPSS score is not available and the vulnerability is not listed in CISA KEV, but the requirement for local authentication means that insider or compromised local accounts present a significant risk. Exploitation requires the attacker to be an authenticated local user who can access the patch management component; once the flaw is leveraged, the attacker can obtain SYSTEM privileges.

Generated by OpenCVE AI on May 6, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest patched release of WatchGuard Agent
  • If no patch is available, disable the patch management component or restrict permissions for local users
  • Apply least privilege by ensuring local users cannot access or modify the patch management resource

Generated by OpenCVE AI on May 6, 2026 at 17:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.
Title WatchGuard Agent on Windows Privilege Escalation Vulnerability
First Time appeared Watchguard
Watchguard single Watchguard Agent
Weaknesses CWE-732
CPEs cpe:2.3:a:watchguard:single_watchguard_agent:*:*:*:*:*:*:*:*
Vendors & Products Watchguard
Watchguard single Watchguard Agent
References
Metrics cvssV4_0

{'score': 7.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Single Watchguard Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-05-06T16:12:23.875Z

Reserved: 2026-04-20T09:57:56.546Z

Link: CVE-2026-41288

cve-icon Vulnrichment

Updated: 2026-05-06T16:12:20.335Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T16:16:10.147

Modified: 2026-05-06T19:07:58.693

Link: CVE-2026-41288

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T17:30:08Z

Weaknesses