CVE-2026-3342
Received
Received - Intake
Out-of-Bounds Write in WatchGuard Fireware OS Enables Root Code Execution
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: WatchGuard Technologies, Inc.
Description
Description
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.
This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware | From 12.5 (inc) to 12.5.17 (exc) |
| watchguard | fireware | From 2025.1 (inc) to 2026.1.2 (exc) |
| watchguard | fireware | From 11.9 (inc) to 12.11.8 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
