Description
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
Published: 2026-05-06
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists because WatchGuard Agent uses a hard‑coded cryptographic key, allowing an attacker to inject arbitrary code into the existing agent process. This flaw permits code execution with the privileges that the agent runs under. The weakness is classified as CWE‑321, indicating insecure key management.

Affected Systems

Versions of WatchGuard Agent for Windows that are older than 1.25.03.0000 are affected. All installations of the single WatchGuard Agent product distributed by WatchGuard prior to this release are susceptible.

Risk and Exploitability

The CVSS score of 8.5 reflects a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the lack of those metrics does not lower the risk. Based on the description, the likely attack vector is the delivery of a specially crafted payload that exploits the hard‑coded cryptographic key to evade integrity checks; the attack could be local or remote, depending on the agent’s network exposure. The exploitation would require the attacker to gain access to the agent’s input channel.

Generated by OpenCVE AI on May 6, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WatchGuard Agent to version 1.25.03.0000 or later to remove the hard‑coded cryptographic key.
  • If an upgrade cannot be performed immediately, temporarily disable or uninstall the WatchGuard Agent to reduce attack surface.
  • Monitor for signs of unauthorized code execution or persistence.

Generated by OpenCVE AI on May 6, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
Title Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process
First Time appeared Watchguard
Watchguard single Watchguard Agent
Weaknesses CWE-321
CPEs cpe:2.3:a:watchguard:single_watchguard_agent:*:*:*:*:*:*:*:*
Vendors & Products Watchguard
Watchguard single Watchguard Agent
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Single Watchguard Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-05-06T16:11:58.312Z

Reserved: 2026-04-21T13:21:17.555Z

Link: CVE-2026-6787

cve-icon Vulnrichment

Updated: 2026-05-06T16:11:54.880Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T16:16:11.643

Modified: 2026-05-06T19:07:58.693

Link: CVE-2026-6787

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T19:45:10Z

Weaknesses