Techtimes
Critical IKEv2 RCE Vulnerability in WatchGuard Firebox Devices Exploited
WatchGuard Technologies released patches on July 2, 2026, for a critical remote code execution vulnerability (CVE-2026-13368) affecting all supported Firebox firewall models. This flaw, linked to a race condition in the LDAP authentication path of the IKEv2 protocol, allows unauthenticated attackers to execute arbitrary code. It is the third critical vulnerability in the same VPN daemon discovered in ten months, with previous flaws leading to active exploitation. Over 100,000 devices are at risk, particularly those configured to use external LDAP for Mobile User VPN authentication. Patches are available for most models, but legacy T15 and T35 models remain unpatched. Administrators are urged to apply updates immediately due to the high risk of exploitation.
Key Points:
• CVE-2026-13368 allows unauthenticated remote code execution on Firebox devices.
• Over 100,000 devices are exposed, with patches available for most models except legacy ones.
• This is the third critical vulnerability in the same VPN daemon within ten months.