CVE-2026-4266

Published: Mar 30, 2026 Last Modified: Mar 30, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,4

Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3

Attack Vector: local

Attack Complexity: low

Privileges Required: high

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

An Insecure Deserialization vulnerability in WatchGuard Fireware OS allows an attacker that has obtained write access to the local filesystem through another vulnerability to execute arbitrary code in the context of the portald user.This issue affects Fireware OS: 12.1 through 12.11.8 and 2025.1 through 2026.1.2.

Note, this vulnerability does not affect Firebox platforms that do not support the Access Portal feature, including the T-15 and T-35.

502

Deserialization of Untrusted Data

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Availability Other

Potential Impacts:

Modify Application Data Unexpected State Dos: Resource Consumption (Cpu) Varies By Context

Applicable Platforms

Languages: Java, JavaScript, PHP, Python, Ruby

Technologies: AI/ML, ICS/OT, Not Technology-Specific

Likelihood of Exploit: Medium

View CWE Details

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00…

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00007

CVE-2026-4266

Description

Deserialization of Untrusted Data

Common Consequences

Applicable Platforms

Iscriviti alla newsletter