EUVD-2026-18090

CVE-2026-3987 | HIGH | CVSS 4.0: 8.6
2026-04-01 | WatchGuard | GHSA-8r96-cj5h-474x

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 22:16 (vuln.today)
EUVD ID Assigned: Apr 01, 2026 - 22:16 (euvd), EUVD-2026-18090
CVE Published: Apr 01, 2026 - 21:32 (nvd), HIGH 8.6

Description

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process. This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.

Analysis

Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privileged authenticated attackers to execute arbitrary code with elevated system privileges via path traversal in the Web UI. The vulnerability requires high-level administrative access (CVSS PR:H) but presents a direct RCE path once authenticated. …


Remediation

Within 24 hours: Inventory all WatchGuard Fireware OS deployments and identify systems running versions 12.6.1-12.11.8 or 2025.1-2026.1.2. Within 7 days: Implement strict administrative access controls: restrict Web UI admin accounts to trusted networks only, enforce MFA on administrative logins, and disable remote admin access unless operationally critical. …


Priority Score

43
KEV: 0
EPSS: +0.4
CVSS: +43
POC: 0
