VYPR
Unrated severityNVD Advisory· Published Mar 30, 2026· Updated Mar 31, 2026

WatchGuard Firebox Insecure Deserialization in Fireware Access Portal

CVE-2026-4266

Description

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.

Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • WatchGuard/Firewarellm-fuzzy2 versions
    >=12.1 <=12.11.8, >=2025.1 <=2026.1.2+ 1 more
    • (no CPE)range: >=12.1 <=12.11.8, >=2025.1 <=2026.1.2
    • (no CPE)range: 12.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.