CVE-2026-6787
Hard-coded Cryptographic Key in WatchGuard Agent on Windows
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: WatchGuard Technologies, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | agent | to 1.25.02.0000 (inc) |
| watchguard | agent | to 1.25.03.0000 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the use of a hard-coded cryptographic key in the WatchGuard Agent on Windows. Because of this, an attacker can include or inject code into an existing process, potentially compromising the security of the system.
How can this vulnerability impact me? :
The vulnerability can allow an attacker with limited privileges to inject code into an existing process, which may lead to unauthorized actions, data compromise, or further exploitation of the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-6787 vulnerability, users should immediately update the WatchGuard Agent software to version 1.25.03.0000 or later.
No workaround is available for this vulnerability, so applying the patch is the only effective mitigation.