CVE-2026-13079
HIGH
7.3
CVSS 4.0
Description
A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed.
This issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2.
Metadata
Severity & Metrics
7.3
HIGH CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| WatchGuard | Fireware OS | — | 12.0 ≤ 12.12, 2025.1 ≤ 2026.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-732 | cna | CWE-732 Incorrect Permission Assignment for Critical Resource |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.3 | HIGH | 4.0 | cna | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L |