CVE-2026-4266

UNKNOWN 0.0

WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

CWE	CWE-502
Vendor	watchguard
Product	fireware os
Published	Mar 30, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for watchguard fireware os

Be the first to know when new unknown vulnerabilities affecting watchguard fireware os are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

WatchGuard / Fireware OS

12.1 ≤ 12.11.8 2025.1 ≤ 2026.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

watchguard.com: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007

Credits

btaol