【Vulnerability Alert】WatchGuard Firebox Contains a Critical Cybersecurity Vulnerability (CVE-2026-13368)

publish date : 2026-07-13 update date : 2026-07-13

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026070604072222 Publication Time 2026-07-06 16:27:23
Incident Type ANA-Vulnerability Alert Discovery Time 2026-07-06 16:27:23
Impact Level Low  
[Subject]
【Vulnerability Alert】WatchGuard Firebox Contains a Critical Cybersecurity Vulnerability (CVE-2026-13368)
[Content]

Forwarded from TWCERTCC Cybersecurity Alert TWCERTCC-200-202607-00000002

WatchGuard Firebox is a next-generation firewall product that provides multi-layered protection, including antivirus, IPS, APT blocking, and spam filtering. Recently, WatchGuard issued an announcement regarding a critical cybersecurity vulnerability (CVE-2026-13368, CVSS 4.x: 9.2). This vulnerability originates from a race condition in the LDAP authentication mechanism of Mobile User VPN with IKEv2, resulting in a Use-After-Free vulnerability.

If Firebox has been configured with Mobile User VPN with IKEv2 and uses an external LDAP authentication server, an unauthenticated remote attacker may exploit this vulnerability to execute arbitrary code in the context of the iked process.

Information Sharing Level: WHITE (the intelligence content is information that may be publicly disclosed)

[Affected Platform]

Fireware OS 2025.1 version
Fireware OS 12.x version
Fireware OS 12.5.x (T15&T13) version
Fireware OS 11.x version

[Recommended Actions]

Please update to the following versions: Fireware OS 2026.2.1 version, Fireware OS 12.12.1 version

[Reference]

https://www.twcert.org.tw/tw/cp-169-11022-eee7d-1.html

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center