CVE Catalog

CVE-2026-13383

HighCVSS 8.6
Published: Translated: NVD NIST

Summary

An Out-of-bounds Write vulnerability in the WatchGuard Fireware OS ikestubd process allows an authenticated privileged user to execute arbitrary code via specially crafted requests to the Management Web UI.

Risk Assessment

An attacker with administrative privileges can take full control of the device, compromising the confidentiality, integrity, and availability of the network protected by WatchGuard.

Recommendation

Immediately upgrade Fireware OS to a version later than 12.12 and 2026.2 as per vendor guidance. Restrict access to the Management Web UI to trusted IP addresses only.

Original NVD description (English source)

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS