CVE-2026-13079 PUBLISHED

WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation

Assigner: WatchGuard
Reserved: 23.06.2026 Published: 02.07.2026 Updated: 02.07.2026

A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed.

This issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS Score: 7.3

Product Status

Vendor WatchGuard
Product Fireware OS
Versions Default: unaffected
  • affected from 12.0 to 12.12 (incl.)
  • affected from 2025.1 to 2026.2 (incl.)

Credits

  • Paul Arzelier, Truesec finder

References

Problem Types

  • CWE-732 Incorrect Permission Assignment for Critical Resource CWE

Impacts

  • CAPEC-17 Using Malicious Files