Security Advisory Detail

WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation

Advisory ID
WGSA-2026-00027
CVE
CVE-2026-13079
Impact
High
Status
Resolved
Product Family
Firebox
Published Date
Updated Date
Workaround Available
False
CVSS Score
7.3
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Summary

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed.

Affected

This issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2.

Resolution

This vulnerability is resolved in the Mobile VPN with SSL client for Windows version 2026.2.1.

Credits
Paul Arzelier, Truesec
Advisory Product List
Product Family Product Branch Product List
Firebox
Fireware OS 12.5.x T15, T35
Firebox
Fireware OS 2025.1.x T115-W, T125, T125-W, T145, T145-W, T185, M295, M395, M495, M595, M695
Firebox
Fireware OS 12.x T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV