Back to search
CVE-2026-4266
Published: Mar 30, 2026
Modified: Mar 31, 2026
PUBLISHED
Description
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2. Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.
| Vendor | Product | Versions |
|---|---|---|
WatchGuard | Fireware OS | affected 12.1 - <= 12.11.8affected 2025.1 - <= 2026.1.2 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now