Description
Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
Published: 2026-05-06
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Uncontrolled Search Path Element in the WatchGuard Agent’s PluginLauncher enables an attacker to supply a malicious file and have it executed with SYSTEM privileges. If the attacker can place a crafted executable in a directory that the launcher searches, the Agent will run it, leading to full control of the compromised Windows machine. The flaw is a classic code execution vulnerability that threatens confidentiality, integrity, and availability of the affected system, as it grants an attacker the highest local privilege level.

Affected Systems

The vulnerability affects WatchGuard Agent for Windows versions prior to 1.25.03.0000. All installations of the WatchGuard Agent before this release that rely on the default PluginLauncher configuration are at risk, regardless of the operating system patch level.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity flaw. The EPSS value is not available, so the exact exploitation probability is unknown, but the lack of a KEV listing does not reduce the urgency of patching. The most likely attack scenario requires the attacker to supply a malicious file that the PluginLauncher will execute; thus, the vector is inferred to be local privilege escalation through an unverified file path. Given the potential for SYSTEM‑level execution, the risk is significant and warrants immediate remediation.

Generated by OpenCVE AI on May 6, 2026 at 17:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest WatchGuard Agent update (1.25.03.0000 or newer) as recommended by the vendor.
  • Restrict the executable search path by disabling addition of untrusted directories or enforcing path validation in the PluginLauncher configuration.
  • Verify that no residual plugins or directories allow the execution of unsigned or untrusted executables, and remove or isolate them.

Generated by OpenCVE AI on May 6, 2026 at 17:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Description Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000.
Title Uncontrolled search path in PluginLauncher allows SYSTEM code execution in WatchGuard Agent
First Time appeared Watchguard
Watchguard single Watchguard Agent
Weaknesses CWE-427
CPEs cpe:2.3:a:watchguard:single_watchguard_agent:*:*:*:*:*:*:*:*
Vendors & Products Watchguard
Watchguard single Watchguard Agent
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Single Watchguard Agent
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-05-06T16:13:28.284Z

Reserved: 2026-04-21T13:21:21.676Z

Link: CVE-2026-6788

cve-icon Vulnrichment

Updated: 2026-05-06T16:13:24.161Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-06T16:16:11.780

Modified: 2026-05-06T19:07:58.693

Link: CVE-2026-6788

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T17:30:08Z

Weaknesses