WatchGuard Fireware OS
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*
- >= 12.1, <= 12.11.8
- >= 2025.1, <= 2026.1.2
An insecure deserialization vulnerability has been identified in WatchGuard Fireware OS. An attacker who has already obtained write access to the local filesystem through another vulnerability can use this issue to execute arbitrary code as the 'portald' user. The vulnerability affects Fireware OS versions 12.1 to 12.11.8 and 2025.1 to 2026.1.2. Firebox platforms that do not support the Access Portal feature, such as the T-15 and T-35, are not affected.
Exploitation of this vulnerability could lead to unauthorized execution of code with the privileges of the 'portald' user.
Users can upgrade to Fireware OS 2026.2 or 12.12 to address this vulnerability.