Unrated severityNVD Advisory· Published Mar 30, 2026· Updated Mar 31, 2026
WatchGuard Firebox Insecure Deserialization in Fireware Access Portal
CVE-2026-4266
Description
An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.
Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2>=12.1 <=12.11.8, >=2025.1 <=2026.1.2+ 1 more
- (no CPE)range: >=12.1 <=12.11.8, >=2025.1 <=2026.1.2
- (no CPE)range: 12.1
Patches
Vulnerability mechanics
References
1- www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007mitrevendor-advisory
News mentions
0No linked articles in our index yet.