{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3987", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "state": "PUBLISHED", "assignerShortName": "WatchGuard", "dateReserved": "2026-03-11T15:01:46.222Z", "datePublished": "2026-04-01T21:32:30.426Z", "dateUpdated": "2026-04-02T13:33:28.155Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fireware OS", "vendor": "WatchGuard", "versions": [{"lessThanOrEqual": "12.11.8", "status": "affected", "version": "12.6.1", "versionType": "semver"}, {"lessThanOrEqual": "2026.1.2", "status": "affected", "version": "2025.1", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.6.1", "versionEndIncluding": "12.11.8", "versionStartIncluding": "12.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "versionEndIncluding": "2026.1.2", "versionStartIncluding": "2025.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "btaol"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.<p>This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.</p>"}], "value": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "WatchGuard is not aware of any exploitation of this issue in the wild."}], "value": "WatchGuard is not aware of any exploitation of this issue in the wild."}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-04-01T21:32:30.426Z"}, "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009"}], "source": {"advisory": "WGSA-2026-0009", "defect": ["FBX-31308"], "discovery": "EXTERNAL"}, "title": "WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T13:29:16.346048Z", "id": "CVE-2026-3987", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:33:28.155Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3987", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-02T13:29:16.346048Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T13:29:22.158Z"}}], "cna": {"title": "WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI", "source": {"defect": ["FBX-31308"], "advisory": "WGSA-2026-0009", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "btaol"}], "impacts": [{"capecId": "CAPEC-165", "descriptions": [{"lang": "en", "value": "CAPEC-165 File Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WatchGuard", "product": "Fireware OS", "versions": [{"status": "affected", "version": "12.6.1", "versionType": "semver", "lessThanOrEqual": "12.11.8"}, {"status": "affected", "version": "2025.1", "versionType": "semver", "lessThanOrEqual": "2026.1.2"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "WatchGuard is not aware of any exploitation of this issue in the wild.", "supportingMedia": [{"type": "text/html", "value": "WatchGuard is not aware of any exploitation of this issue in the wild.", "base64": false}]}], "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.", "supportingMedia": [{"type": "text/html", "value": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.<p>This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.6.1", "vulnerable": true, "versionEndIncluding": "12.11.8", "versionStartIncluding": "12.6.1"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "vulnerable": true, "versionEndIncluding": "2026.1.2", "versionStartIncluding": "2025.1"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-04-01T21:32:30.426Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3987", "state": "PUBLISHED", "dateUpdated": "2026-04-02T13:33:28.155Z", "dateReserved": "2026-03-11T15:01:46.222Z", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "datePublished": "2026-04-01T21:32:30.426Z", "assignerShortName": "WatchGuard"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process.This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and including 2026.1.2."}], "id": "CVE-2026-3987", "lastModified": "2026-04-01T22:16:21.350", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}, "published": "2026-04-01T22:16:21.350", "references": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009"}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}

{}

{}