Cyber Posture

CVE-2026-3342

High

Published: 03 March 2026

Published
03 March 2026
Modified
04 March 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 13.3th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-3342 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Watchguard Fireware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 13.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SI-16 Memory Protection
addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Out-of-bounds write in exposed management interface allows authenticated admin to escalate directly to root-level arbitrary code execution on the firewall OS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to…

more

and including 12.11.7 and 2025.1 up to and including 2026.1.1.

Deeper analysisAI

CVE-2026-3342 is an out-of-bounds write vulnerability (CWE-787) in WatchGuard Fireware OS that enables an authenticated privileged administrator to execute arbitrary code with root permissions through an exposed management interface. The issue affects Fireware OS versions 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7, and 2025.1 up to and including 2026.1.1. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

Exploitation requires an attacker to possess authenticated privileged administrator credentials and network access to the exposed management interface. Successful exploitation allows arbitrary code execution with root privileges on the affected device, potentially leading to full compromise of the firewall.

For mitigation details, refer to the WatchGuard PSIRT advisory at https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00003.

Details

CWE(s)
CWE-787

Affected Products

watchguard
fireware
12.5 — 12.5.17 · 2025.1 — 2026.1.2 · 11.9 — 12.11.8

CVEs Like This One

CVE-2025-14733Same product: Watchguard Firebox M270
CVE-2025-9242Same product: Watchguard Firebox M270
CVE-2025-20890Shared CWE-787
CVE-2025-20888Shared CWE-787
CVE-2026-0117Shared CWE-787
CVE-2024-53833Shared CWE-787
CVE-2026-0010Shared CWE-787
CVE-2026-31743Shared CWE-787
CVE-2025-47373Shared CWE-787
CVE-2026-0037Shared CWE-787

References