CVE-2026-6787
Analyzed Analyzed - Analysis Complete
Hard-coded Cryptographic Key in WatchGuard Agent on Windows

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: WatchGuard Technologies, Inc.

Description
Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6787
EUVD
EUVD-2026-27840
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
watchguard agent to 1.25.03.0000 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the use of a hard-coded cryptographic key in the WatchGuard Agent on Windows. Because of this, an attacker can include or inject code into an existing process, potentially compromising the security of the system.

Impact Analysis

The vulnerability can allow an attacker with limited privileges to inject code into an existing process, which may lead to unauthorized actions, data compromise, or further exploitation of the affected system.

Mitigation Strategies

To mitigate the CVE-2026-6787 vulnerability, users should immediately update the WatchGuard Agent software to version 1.25.03.0000 or later.

No workaround is available for this vulnerability, so applying the patch is the only effective mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6787. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart