WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
Advisory ID
WGSA-2026-00009
CVE
CVE-2026-3987
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
8.6
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.
Affected
This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.
Resolution
| Vulnerable Version | Resolved Version |
|---|---|
| 2025.1 | 2026.2 |
| 12.x | 12.12 |
Credits
btaol
Advisory Product List
| Product Family | Product Branch | Product List |
|---|---|---|
Firebox
|
Fireware OS 2025.1.x | T115-W, T125, T125-W, T145, T145-W, T185, M295, M395, M495, M595, M695 |
Firebox
|
Fireware OS 12.x | T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV |