WatchGuard: WatchGuard Fireware OS: Authenticated Out-of-Bounds Write — Root Code Execution

  • CVE: CVE-2026-3342 (High, Published)
  • CVSS: 7.2 High · Network · High PR
  • EPSS: 0.00042 (0.0% chance of exploit in 30d)
  • CWE: CWE-787 Out-of-bounds Write
  • Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Per NVD: “An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.”

Affected Packages / Versions

  • Package: WatchGuard Fireware OS (—)
  • Latest published version at triage time: Per NVD: 11.12.4_Update1, 12.11.7, 2026.1.1 (track-dependent)
  • Affected range: Per NVD: Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7, and 2025.1 up to and including 2026.1.1.
  • Patched version: See WatchGuard advisory WGSA-2026-00003 (vendor advisory page was JS-rendered at fetch time)

Impact

Per NVD: successful exploitation has full confidentiality, integrity and availability (CIA) impact on the firewall. The vendor advisory page (WGSA-2026-00003) is the authoritative reference, but it was JS-rendered at the time of generation; the reviewer should validate the specific patched-version numbers against the loaded advisory.

Severity Rationale

NVD CVSS 7.2 (High): network attack vector and low attack complexity, but high privileges required (an authenticated privileged administrator), no user interaction, and high impact on confidentiality, integrity and availability. The PR:H weighting tempers an otherwise critical primitive.

Fix

Apply the WatchGuard security update referenced by WGSA-2026-00003. The reviewer should confirm the patched versions against the loaded vendor advisory before publication.

Disclosure timeline

  • TBD: Reported to vendor
  • TBD: Patch released (WGSA-2026-00003)
  • Mar 1, 2026: Public disclosure (per Praetorian cve-research listing)

    Discovered by Praetorian Labs · Published April 29, 2026