Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Admin authentication (PR:H) is explicitly required per description; availability-only crash impact (A:H) with no confidentiality or integrity loss (C:N/I:N).
Primary rating from Vendor (WatchGuard).
CVSS VectorVendor: WatchGuard
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.
AnalysisAI
Denial-of-service in WatchGuard Fireware OS Management Web UI allows an authenticated administrator to crash the management service by submitting crafted input to the put_data endpoint, which performs unsafe deserialization of attacker-controlled data (CWE-502). The CVSS 4.0 vector (PR:H, VA:H) confirms that exploitation is restricted to administrator-level accounts and results in availability loss only - no confidentiality or integrity impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires valid administrator-level credentials for the Fireware Management Web UI, confirmed by both the vulnerability description and the CVSS 4.0 PR:H metric - standard user or lower-privilege accounts are insufficient to reach the vulnerable endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 6.9 with vector AV:N/PR:H/VA:H accurately reflects a moderate-priority issue with a hard ceiling on real-world impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained WatchGuard administrator credentials through phishing, credential stuffing, or insider access connects remotely to the Fireware Management Web UI and submits a specially crafted malformed serialized payload to the put_data endpoint. The unsafe deserialization routine crashes, taking the management interface offline and preventing administrators from modifying firewall policy or responding to concurrent security incidents. … |
| Remediation | Consult the WatchGuard PSIRT advisory at https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00014 for the specific patched Fireware OS version and upgrade instructions - exact fix version numbers are not independently confirmed from the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Fireware Os
View allRemote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticate
Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sendi
Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allo
Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bo
Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises fr
Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted C
Arbitrary file write in the WatchGuard Fireware OS Management Web UI lets a privileged, authenticated administrator esca
Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privi
Firmware signature validation bypass in WatchGuard Fireware OS lets an authenticated administrator upload a tampered fir
Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a
Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an
Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) le
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41447
GHSA-hprc-6hj7-jj8j