WatchGuard published security advisories for multiple Fireware OS vulnerabilities affecting Firebox appliances and related deployments, and the Canadian Centre for Cyber Security urged organizations to apply updates. The issues include an out-of-bounds write that could allow a privileged, authenticated administrator to achieve root-level arbitrary code execution via an exposed management interface (CVE-2026-3342), and a filesystem integrity check bypass that could allow an attacker to maintain limited persistence by using a maliciously crafted firmware update package (CVE-2026-3344). A separate advisory also notes a reflected XSS issue in the Fireware Web UI (CVE-2026-3343).
Affected versions span multiple Fireware OS branches, including 12.0–12.11.7, 12.5.9–12.5.16 (T15/T35 models), and 2025.1–2026.1.1, with additional impact noted for 11.x in the out-of-bounds write advisory (11.x is end-of-life). WatchGuard’s fixes are available in 12.11.8, 12.5.17, and 2026.1.2 (depending on branch/model), and no workaround was listed for the integrity-check bypass or out-of-bounds write issues; organizations should prioritize patching and ensure management interfaces are not unnecessarily exposed.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
18 events from the most recent confirmed update back to the earliest known activity.
WatchGuard published PSIRT advisory WGSA-2026-00022 for a firmware image validation bypass vulnerability affecting Firebox devices running Fireware OS. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00024 for a null pointer dereference vulnerability affecting the Firebox iked component. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00019 for a stored cross-site scripting vulnerability affecting SIP Proxy configuration on Firebox devices. This is a new vendor disclosure separate from the other March, April, and July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00020 for an out-of-bounds write vulnerability affecting the Firebox ikestubd component. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00029 for an out-of-bounds write vulnerability affecting the Firebox networkd component. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00014 for a denial-of-service vulnerability caused by unsafe deserialization in the Firebox Management Web UI on Firebox devices. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00017 for a stored cross-site scripting vulnerability affecting the Autotask Technology Integration configuration on Firebox devices. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00026 for an out-of-bounds write vulnerability affecting the Firebox admd component on Firebox devices. This is a new vendor disclosure separate from the March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00021 for an out-of-bounds write vulnerability affecting the Firebox wgagent component. This is a new vendor disclosure separate from the March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00018 for a stored cross-site scripting vulnerability affecting the spamBlocker module on Firebox devices. This is a new vendor disclosure separate from the earlier March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00023 for a race condition and use-after-free vulnerability affecting Firebox Mobile VPN with IKEv2 LDAP authentication. This is a new vendor disclosure separate from the March, April, and other July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00016 for a stored cross-site scripting vulnerability affecting the ConnectWise Technology Integration configuration on Firebox devices. This is a new vendor disclosure separate from the earlier March, April, and July 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00030 for an authenticated out-of-bounds write vulnerability in the Firebox Management CLI command handler on Firebox devices. This is a new vendor disclosure separate from the March and April 2026 Firebox advisories already in the timeline.
WatchGuard published PSIRT advisory WGSA-2026-00009 for an arbitrary file write vulnerability via path traversal in the Fireware Web UI on Firebox devices. The advisory represents a new vendor disclosure distinct from the earlier March 2026 Firebox advisories.
WatchGuard published PSIRT advisory WGSA-2026-00007 for an insecure deserialization vulnerability affecting the Fireware Access Portal on Firebox devices. The advisory constitutes a new vendor disclosure separate from the earlier March advisories and the same-day CSRF advisory.
WatchGuard published PSIRT advisory WGSA-2026-00006 for a Cross-Site Request Forgery vulnerability affecting the Fireware Web UI on Firebox devices. The advisory represents a new vendor disclosure and likely includes affected versions and remediation guidance separate from the earlier March advisories.
The Canadian Centre for Cyber Security published advisory AV26-189 highlighting WatchGuard's disclosures and urging administrators to review the advisories and apply updates. Its notice summarized three issues affecting Firebox devices, including an out-of-bounds write flaw, a reflected XSS issue in the Fireware Web UI, and a system integrity check bypass.
WatchGuard published security advisories for multiple vulnerabilities affecting Firebox devices running Fireware OS, including an out-of-bounds write flaw and a system integrity check bypass. The advisories indicated affected versions prior to 11.12.4_Update1, 12.11.8, 2026.1.2, and 12.5.17, implying updates were available to remediate the issues.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
25 references tracked. Mallory keeps watching after this page renders.
cybersecuritynews.com
Open sourcewatchguard.com
Open sourcewatchguard.com
Open sourcewatchguard.com
Open sourcewatchguard.com
Open sourcecyber.gc.ca
Open sourcewatchguard.com
Open sourcewatchguard.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.