CVE-2026-8247
Received Received - Intake

Out-of-bounds Write in WatchGuard Fireware OS

Vulnerability report for CVE-2026-8247, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: WatchGuard Technologies, Inc.

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker on the same local network segment to execute arbitrary code. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-03
Last Modified
2026-07-03
Generated
2026-07-03
AI Q&A
2026-07-03
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
watchguard fireware_os to 11.12.4_Update1 (inc)
watchguard fireware_os to 12.12 (inc)
watchguard fireware_os From 12.5 (inc) to 12.5.18 (inc)
watchguard fireware_os to 2026.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-8247 is an Out-of-bounds Write vulnerability found in the WatchGuard Firebox admd component of Fireware OS. This flaw allows an unauthenticated attacker on the same local network segment to potentially execute arbitrary code by exploiting the improper handling of memory boundaries.

The vulnerability affects multiple versions of Fireware OS, including versions 11.0 through 11.12.4_Update1, 12.0 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2.

Impact Analysis

This vulnerability can have a significant impact as it allows an attacker who is on the same local network segment and unauthenticated to execute arbitrary code on the affected device.

Successful exploitation could lead to full compromise of the affected Firebox appliance, potentially allowing the attacker to control network traffic, disrupt services, or gain unauthorized access to internal network resources.

Mitigation Strategies

To mitigate the CVE-2026-8247 vulnerability, you should upgrade your WatchGuard Fireware OS to a fixed version where the vulnerability is resolved.

  • For 2025.1.x versions, upgrade to 2026.2.1.
  • For 12.x versions, upgrade to 12.12.1.
  • For 12.5.x versions, upgrade to 12.5.19 (applicable to T15 & T35 models).

Note that the 11.x branch is end-of-life and remains unresolved, so consider upgrading to a supported version.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart