Back to overview

CVE-2026-13079

HIGH
7.3
CVSS 4.0
Description
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2.

Metadata

CVE ID
CVE-2026-13079
State
PUBLISHED
Assigner
WatchGuard
Reserved
2026-06-23 18:02 UTC
Published
2026-07-02 23:07 UTC
Last updated
2026-07-02 23:07 UTC
Primary CWE
CWE-732
CWE-732 Incorrect Permission Assignment for Critical Resourc…
Vendor / Product
WatchGuard / Fireware OS
Sources
cve.org  ·  NVD

Severity & Metrics

7.3 HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected products (1)
VendorProductPlatformVersions
WatchGuard Fireware OS 12.0 ≤ 12.12, 2025.1 ≤ 2026.2
Weakness (CWE)
CWESourceDescription
CWE-732 cna CWE-732 Incorrect Permission Assignment for Critical Resource
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.3 HIGH 4.0 cna CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Back to overview