CVE-2026-13368

Summary

WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in LDAP authentication for the Mobile User VPN with IKEv2. A remote unauthenticated attacker could exploit this vulnerability to execute arbitrary code in the context of the iked process on Fireboxes that have a Mobile VPN with IKEv2 configured to use an external LDAP authentication server.

This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Affected Software

VendorProductVersion RangeStatus
WatchGuardFireware OS11.10.2 <= 11.12.4+541730affected
WatchGuardFireware OS12.0 <= 12.12unaffected
WatchGuardFireware OS12.5 <= 12.5.18unaffected
WatchGuardFireware OS2025.1 <= 2026.2affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

References