Which versions of Fireware Os are affected by EUVD-2026-17079?

WatchGuard Fireware OS contains an insecure deserialization vulnerability (CVE-2026-4266, CVSS 8.4) affecting gateway appliances running versions 12.1-12.11.8 and 2025.1-2026.1.2 with Access Portal…

How to fix or mitigate EUVD-2026-17079?

Within 24 hours: Identify all WatchGuard Fireware OS appliances in your environment using affected versions (12.1-12.11.8, 2025.1-2026.1.2) and confirm Access Portal is enabled; document which models are T-15/T-35 (unaffected). Within 7 days: Restrict local administrative access and SSH/console access to WatchGuard appliances to authorized personnel only; disable unnecessary local accounts and apply principle of least privilege. Within 30 days: Contact WatchGuard for patch availability timeline; evaluate upgrading to versions beyond 12.11.8 or 2026.1.2 when patches are released; consider implementing network segmentation to limit lateral movement if a firewall is compromised.

Fireware Os EUVD-2026-17079

Q: What is the CVSS score of EUVD-2026-17079?

EUVD-2026-17079 has a CVSS 4.0 base score of 8.4 (High). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2026-4266 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-03-30 WatchGuard

Deserialization RCE Fireware Os

8.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.4 HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 30, 2026 - 13:00 euvd

EUVD-2026-17079

Analysis Generated

Mar 30, 2026 - 13:00 vuln.today

CVE Published

Mar 30, 2026 - 12:38 nvd

HIGH 8.4

DescriptionCVE.org

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.

Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

AnalysisAI

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a filesystem write primitive. Affects Fireware OS versions 12.1 through 12.11.8 and 2025.1 through 2026.1.2 on platforms supporting Access Portal (excludes T-15/T-35 models). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Exploit initial vulnerability

Delivery

Gain write access to local filesystem

Exploit

Craft malicious serialized object

Execution

Place payload in portal configuration

Persist

Trigger deserialization in portald process

Impact

Execute arbitrary code as portald user