CVE-2026-13084
Received - Intake

Null Pointer Dereference in WatchGuard Fireware OS

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: WatchGuard Technologies, Inc.

Description

A null pointer dereference vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to create a denial-of-service (DoS) condition by sending specially crafted IKEv2 messages. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Meta Information

Published: 2026-07-03
Last Modified: 2026-07-03
Generated: 2026-07-03
AI Q&A: 2026-07-03
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 4 associated CPEs
| Vendor | Product | Version / Range |
|---|---|---|
| watchguard | fireware_os | From 11.10.2 (inc) to 11.12.4_Update1 (inc) |
| watchguard | fireware_os | From 12.0 (inc) to 12.12 (inc) |
| watchguard | fireware_os | From 12.5 (inc) to 12.5.18 (inc) |
| watchguard | fireware_os | From 2025.1 (inc) to 2026.2 (inc) |

CWE

| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |

Executive Summary

This vulnerability is a null pointer dereference in WatchGuard Fireware OS that allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition.

The attacker can exploit this by sending specially crafted IKEv2 messages to the affected system.

It affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.

The affected Fireware OS versions are 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.12, and 2025.1 up to and including 2026.2.

Compliance Impact

The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on your WatchGuard Fireware OS device.

A DoS condition means that the affected VPN services (Mobile User VPN and Branch Office VPN) could become unavailable, disrupting network connectivity and remote access.

Since the attacker does not need to be authenticated, the risk of disruption is higher.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your WatchGuard Fireware OS to a resolved version. The fixed versions include 2026.2.1 for 2025.1, 12.12.1 for 12.x, and 12.5.x for T15 and T35 models.

Note that versions 11.x remain unresolved as they are end-of-life, so consider upgrading to a supported version.
