—

CVE-2026-3987EXPLOITEDPATCHED

watchguard · fireware os

WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

Description

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.

Affected Products

Vendor	Product	Versions
watchguard	fireware os	12.6.1, 2025.1

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
watchguard	firebox	cert_advisory	90%

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009

Related News (4 articles)

Tier D

Heise Security5h ago

Angreifer können Weboberfläche von WatchGuard Firebox attackieren

→ No new info (linked only)

Tier B

CCCS Canada4d ago

WatchGuard security advisory (AV26-309)

→ No new info (linked only)

Tier B

BSI Advisories4d ago

[NEU] [mittel] WatchGuard Firebox: Schwachstelle ermöglicht Codeausführung

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-3987 | WatchGuard Fireware OS up to 12.11.8/2026.1.2 Web UI path traversal (wgsa-2026-00009)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

12.12

CWECWE-22, CWE-20

PublishedApr 1, 2026

Last enriched5h agov6

Community Vote

Vulnerability Timeline

CVE Published

Apr 1, 2026

Discovered by ZDM

Apr 1, 2026

Updated: description, severity

Apr 2, 2026

Updated: description, severity, exploitAvailable, activelyExploited

Apr 2, 2026

Updated: affectedVersions, severity

Apr 2, 2026

Actively Exploited

Apr 3, 2026

Exploit Available

Apr 3, 2026

Patch Available

Apr 3, 2026

Updated: cweIds, tags

Apr 6, 2026

Updated: severity, patchAvailable

Apr 6, 2026

Version History

Last enriched 5h ago

v6Tier D5h ago

Updated severity to HIGH and added patch available version 12.12.

severitypatchAvailable

via Heise Security

v5Tier D5h ago

Updated severity to HIGH, added patch version 12.12, and included new CWE IDs and CVE tags.

cweIdstags

via Heise Security

v4Tier B4d ago

Updated severity to HIGH and added affected versions 12.11.8 and 2026.1.2.

affectedVersionsseverity

via CCCS Canada

v3Tier B4d ago

Updated description with new technical details, changed severity to HIGH, and marked the vulnerability as actively exploited with an exploit available.

descriptionseverityexploitAvailableactivelyExploited

via BSI Advisories

v2Tier C4d ago

Updated severity to CRITICAL, corrected exploit availability to false, and provided a more detailed description.

descriptionseverity

via VulDB

v14d ago

Initial creation

WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

Description

Affected Products

Also Affects

References

Related News (4 articles)

Community Vote

Related CVEs (3)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History