#VU122143 LDAP injection in Fireware OS - CVE-2026-1498

 

Published: January 30, 2026


Vulnerability identifier: #VU122143
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-1498
CWE-ID: CWE-90
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Fireware OS
Software vendor: WatchGuard

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to improper input validation when processing LDAP queries. A remote non-authenticated attacker can send a specially crafted LDAP query to the application via an exposed authentication or management interface, bypass the authentication process and gain unauthorized access to the application.
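
As an added illustration of the CWE-90 weakness class named above (not WatchGuard's code, and not a description of how Fireware OS builds its queries), the sketch below contrasts a concatenated LDAP search filter with one that escapes the value per RFC 4515. The function names, the `uid` attribute, the 64-character limit and the sample inputs are assumptions made for the example.

```python
# Added illustration of CWE-90; not WatchGuard code. All names are hypothetical.

# RFC 4515 section 3: these characters must be written as \XX hex escapes
# when they appear inside an assertion value of a search filter.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    # Character-by-character lookup avoids double-escaping the backslash.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_user_filter(username: str) -> str:
    """Weak form: input is concatenated, so it can alter the filter structure."""
    return "(&(objectClass=person)(uid=" + username + "))"


def safe_user_filter(username: str) -> str:
    """Hardened form: reject empty or oversized input, then escape the rest."""
    if not username or len(username) > 64:  # assumed length limit
        raise ValueError("username length out of range")
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def filter_terms(ldap_filter: str) -> int:
    """Count literal '(' characters, i.e. how many terms the filter opens."""
    return ldap_filter.count("(")


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    for name in ["alice", "*", "a)(b"]:
        print(repr(name))
        print("  naive:", naive_user_filter(name), filter_terms(naive_user_filter(name)))
        print("  safe: ", safe_user_filter(name), filter_terms(safe_user_filter(name)))
```

With the escaped form the filter always opens exactly three terms, whatever the input; with concatenation the term count follows the input.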


Remediation

Install updates from the vendor's website.
