9.2
CVE-2026-13368: WatchGuard Firebox: Unauthenticated Code Execution via IKEv2 LDAP Auth
CVE-2026-13368
Summary
A vulnerability in the Mobile User VPN with IKEv2 on WatchGuard Firebox allows a remote, unauthenticated attacker to execute arbitrary code on affected devices. It affects Firebox devices that use IKEv2 with an external LDAP server for authentication. To stay secure, update your Firebox devices to the latest version of Fireware OS.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| watchguard | fireware os | <= 11.12.4+541730 |
Original title
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit...
Original description
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server.
This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.
Vulnerability type
CWE-416
Use After Free
- https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00023 vendor-advisory
Published: 3 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026