CVE-2026-13368
WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authentication
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.
| CWE | CWE-416 |
| Vendor | watchguard |
| Product | fireware os |
| Published | Jul 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for watchguard fireware os
Be the first to know when new unknown vulnerabilities affecting watchguard fireware os are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
WatchGuard / Fireware OS
11.10.2 โค 11.12.4+541730 2025.1 โค 2026.2
References
Credits
Cody Sixteen