9.2

CVE-2026-13368: WatchGuard Firebox: Unauthenticated Code Execution via IKEv2 LDAP Auth

Summary

A vulnerability in WatchGuard Firebox's Mobile User VPN with IKEv2 allows a remote, unauthenticated attacker to execute arbitrary code on affected devices. It affects WatchGuard Firebox devices that use Mobile VPN with IKEv2 configured with an external LDAP server for authentication. To stay secure, update your Firebox devices to the latest version of Fireware OS.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions
watchguard | fireware os | <= 11.12.4+541730
Original title
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit...
Original description
WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server.

This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.
Vulnerability type
CWE-416 Use After Free
Published: 3 Jul 2026 · Updated: 3 Jul 2026 · First seen: 2 Jul 2026