WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation
Summary
| CVE | CVE-2026-13079 |
|---|---|
| State | PUBLISHED |
| Assigner | WatchGuard |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-03 00:16:50 UTC |
| Updated | 2026-07-10 14:32:03 UTC |
| Description | A local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows allows a local attacker to escalate their privileges to NT AUTHORITY\SYSTEM on the machine where the client is installed. This issue affects the Mobile VPN with SSL client for Windows up to and including 2026.2. |
Risk And Classification
Primary CVSS: v4.0 7.3 HIGH from 5d1c2695-1a31-4499-88ae-e847036fd7e3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.001080000 probability, percentile 0.014260000 (date 2026-07-08)
Problem Types: CWE-732 | CWE-732 CWE-732 Incorrect Permission Assignment for Critical Resource
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | Secondary | 7.3 | HIGH | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/C... |
| 4.0 | CNA | CVSS | 7.3 | HIGH | CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L |
| 3.1 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
PresentPrivileges Required
LowUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
LowSub Integrity
LowSub Availability
LowCVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Watchguard | Fireboxcloud | - | All | All | All |
| Hardware | Watchguard | Fireboxv | - | All | All | All |
| Hardware | Watchguard | Firebox M270 | - | All | All | All |
| Hardware | Watchguard | Firebox M290 | - | All | All | All |
| Hardware | Watchguard | Firebox M370 | - | All | All | All |
| Hardware | Watchguard | Firebox M390 | - | All | All | All |
| Hardware | Watchguard | Firebox M440 | - | All | All | All |
| Hardware | Watchguard | Firebox M4600 | - | All | All | All |
| Hardware | Watchguard | Firebox M470 | - | All | All | All |
| Hardware | Watchguard | Firebox M4800 | - | All | All | All |
| Hardware | Watchguard | Firebox M5600 | - | All | All | All |
| Hardware | Watchguard | Firebox M570 | - | All | All | All |
| Hardware | Watchguard | Firebox M5800 | - | All | All | All |
| Hardware | Watchguard | Firebox M590 | - | All | All | All |
| Hardware | Watchguard | Firebox M670 | - | All | All | All |
| Hardware | Watchguard | Firebox M690 | - | All | All | All |
| Hardware | Watchguard | Firebox Nv5 | - | All | All | All |
| Hardware | Watchguard | Firebox T20 | - | All | All | All |
| Hardware | Watchguard | Firebox T25 | - | All | All | All |
| Hardware | Watchguard | Firebox T40 | - | All | All | All |
| Hardware | Watchguard | Firebox T45 | - | All | All | All |
| Hardware | Watchguard | Firebox T55 | - | All | All | All |
| Hardware | Watchguard | Firebox T70 | - | All | All | All |
| Hardware | Watchguard | Firebox T80 | - | All | All | All |
| Hardware | Watchguard | Firebox T85 | - | All | All | All |
| Operating System | Watchguard | Fireware | All | All | All | All |
| Application | Watchguard | Mobile Vpn With Ssl | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | WatchGuard | Fireware OS | affected 12.0 12.12 semver | Not specified |
| CNA | WatchGuard | Fireware OS | affected 2025.1 2026.2 semver | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00027 | 5d1c2695-1a31-4499-88ae-e847036fd7e3 | www.watchguard.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: Paul Arzelier, Truesec (en)
There are currently no legacy QID mappings associated with this CVE.