Garmin WDU Cross-Site Origin WebSocket Hijacking Vulnerability

Vulnerability

A cross-site origin WebSocket hijacking vulnerability has been identified in the Garmin WDU, specifically in versions 1 1.4.6 and 2 5.0. This vulnerability allows a network attacker to gain full control of a WDU by exploiting WebSockets, which are used to manage various settings, including administrative controls. The attack requires the victim to be using a web browser on a multihomed host with local interfaces on the Garmin Marine Network and another network, and to visit a malicious third-party website created by the attacker.

Impact

Exploitation of this vulnerability allows a network attacker to take complete control of the affected WDU device.

Remediation

Users can update to Garmin WDU version 7.00, released on April 2, 2026, which addresses this vulnerability.
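Hijacking of this kind works because browsers do not apply the same-origin policy to WebSocket connections, but they do send an Origin header on the handshake, so the usual server-side defense is an exact-match check on that header before upgrading. The following is an added example of such a check, not Garmin's code and not a description of the 7.00 fix; the allowlist, addresses, sample requests and function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumed allowlist: origins that serve the device's own web UI (constructed values).
ALLOWED_ORIGINS = {"http://192.0.2.10", "https://wdu.example.internal"}
DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if it is not one."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "null", file:, and other opaque origins
    if parts.path or parts.query or parts.fragment or parts.username:
        return None  # a serialized origin is scheme://host[:port] only
    return (parts.scheme, parts.hostname.lower(),
            port if port is not None else DEFAULT_PORTS[parts.scheme])

ALLOWED = {normalize_origin(o) for o in ALLOWED_ORIGINS}

def parse_headers(raw_request):
    """Collect header values by lower-cased name, keeping duplicates."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def accept_handshake(raw_request):
    """Upgrade only when exactly one Origin header is present and it matches exactly."""
    headers = parse_headers(raw_request)
    if "websocket" not in [v.lower() for v in headers.get("upgrade", [])]:
        return False
    origins = headers.get("origin", [])
    if len(origins) != 1:  # assumed policy: a missing or duplicated Origin is refused
        return False
    return normalize_origin(origins[0]) in ALLOWED

def build_request(origin=None):
    """Constructed sample handshake; host and path are placeholders."""
    lines = ["GET /ws HTTP/1.1", "Host: 192.0.2.10", "Upgrade: websocket",
             "Connection: Upgrade", "Sec-WebSocket-Version: 13"]
    if origin is not None:
        lines.append("Origin: " + origin)
    return "\r\n".join(lines) + "\r\n\r\n"
```

Non-browser clients can set any Origin they like, so this check stops only the browser-mediated path the advisory describes and does not replace authentication on the socket itself.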

Added: May 13, 2026, 9:39 PM
Updated: May 13, 2026, 9:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.7
exploitability: 5.8
remediation: 0.0
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.