WatchGuard Agent on Windows Privilege Escalation Vulnerability

Advisory ID

WGSA-2026-00012

CVE

CVE-2026-41288

Impact

High

Status

Resolved

Product Family

Other Software

Published Date

2026-05-06

Updated Date

2026-05-06

Workaround Available

False

CVSS Score

7.3

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Summary

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM.

Affected

This vulnerability affects the WatchGuard Agent on Windows versions up to and including 1.25.02.0000.

Resolution

This vulnerability is resolved in the WatchGuard Agent on Windows version 1.25.03.0000.

Advisory Product List

Product Family	Product Branch	Product List
Other Software	WatchGuard Agent (Windows)	WatchGuard Agent (Windows)

Liste consultative

Go to