Race Condition Vulnerability in WatchGuard Fireware OS Affecting LDAP Authentication
CVE-2026-13368
9.2 CRITICAL
What is CVE-2026-13368?
WatchGuard Fireware OS contains a use-after-free vulnerability caused by a race condition in LDAP authentication for Mobile User VPN with IKEv2. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the iked process on affected Fireboxes that are configured to use an external LDAP authentication server for mobile VPN connections.
Affected Version(s)
Fireware OS 11.10.2 <= 11.12.4+541730
Fireware OS 2025.1 <= 2026.2
Fireware OS 12.0
