Local Privilege Escalation Vulnerability in WatchGuard Mobile VPN for Windows
CVE-2026-13079

7.3HIGH

Key Information:

Vendor

Watchguard

Vendor
CVE Published:
2 July 2026

What is CVE-2026-13079?

A local privilege escalation vulnerability exists in the WatchGuard Mobile VPN with SSL client for Windows that enables an attacker with local access to elevate their privileges to that of NT AUTHORITY\SYSTEM. This issue impacts versions up to and including 2026.2, potentially allowing unauthorized users to gain elevated permissions and execute malicious activities on the affected system.

Affected Version(s)

Fireware OS 12.0 <= 12.12

Fireware OS 2025.1 <= 2026.2

References

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Paul Arzelier, Truesec
.