Privilege Escalation Vulnerability in WatchGuard Agent for Windows
CVE-2026-41288

7.3 HIGH

Key Information:

Vendor: WatchGuard
CVE Published: 6 May 2026

What is CVE-2026-41288?

A vulnerability exists in the patch management component of the WatchGuard Agent on Windows, where incorrect permission assignments allow an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM. This security flaw poses a significant risk, enabling potential attackers to gain unauthorized access and control over system-level operations, thereby compromising the integrity and security of the affected system.

Affected Version(s)

WatchGuard Agent Windows 0 < 1.25.03.0000

CVSS V4

Score: 7.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
