Use-after-free in Fireware OS - CVE-2026-13368
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to a use-after-free error in LDAP authentication for Mobile User VPN with IKEv2 when handling authentication requests. A remote attacker can send crafted authentication traffic to execute arbitrary code.
Only Fireboxes configured to use an external LDAP authentication server for Mobile VPN with IKEv2 are vulnerable.