NULL pointer dereference in Fireware OS - CVE-2026-13084
Published: July 3, 2026
Fireware OS
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in the iked service when handling specially crafted IKEv2 messages. A remote attacker can send specially crafted IKEv2 messages to cause a denial of service.
The issue affects Mobile User VPN with IKEv2 and Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.