CVE-2026-3987

Published: Apr 02, 2026 Last Modified: Apr 02, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3

Attack Vector: network

Attack Complexity: low

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: AI/ML

Likelihood of Exploit: High

View CWE Details

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00…

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009

CVE-2026-3987

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter