Cyber Resilience

CVE-2026-3342

High

Published: 03 March 2026

Published
03 March 2026
Modified
04 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0076 50.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-3342 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Watchguard Fireware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 49.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-3342 is an out-of-bounds write vulnerability (CWE-787) in WatchGuard Fireware OS that enables an authenticated privileged administrator to execute arbitrary code with root permissions through an exposed management interface. The issue affects Fireware OS versions 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7, and 2025.1 up to and including 2026.1.1. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

Exploitation requires an attacker to possess authenticated privileged administrator credentials and network access to the exposed management interface. Successful exploitation allows arbitrary code execution with root privileges on the affected device, potentially leading to full compromise of the firewall.

For mitigation details, refer to the WatchGuard PSIRT advisory at https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00003.

EU & UK References

Vulnerability details

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to…

more

and including 12.11.7 and 2025.1 up to and including 2026.1.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Out-of-bounds write in exposed management interface allows authenticated admin to escalate directly to root-level arbitrary code execution on the firewall OS.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-14733Same product: Watchguard Firebox M270
CVE-2025-9242Same product: Watchguard Firebox M270
CVE-2016-20044Shared CWE-787
CVE-2026-23326Shared CWE-787
CVE-2024-43077Shared CWE-787
CVE-2024-53697Shared CWE-787
CVE-2025-20890Shared CWE-787
CVE-2026-23073Shared CWE-787
CVE-2025-20708Shared CWE-787
CVE-2025-1471Shared CWE-787

Affected Assets

watchguard
fireware
12.5 — 12.5.17 · 2025.1 — 2026.1.2 · 11.9 — 12.11.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Restricts network exposure of the Fireware management interface, directly blocking the required attack vector for the out-of-bounds write.

prevent

Limits assignment of privileged administrator accounts that are required to trigger arbitrary code execution with root privileges.

prevent

Mandates timely installation of WatchGuard patches that remediate the CWE-787 flaw in affected Fireware versions.

References