{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1498", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "state": "PUBLISHED", "assignerShortName": "WatchGuard", "dateReserved": "2026-01-27T17:23:30.578Z", "datePublished": "2026-01-30T13:02:59.561Z", "dateUpdated": "2026-02-02T16:32:46.653Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fireware OS", "vendor": "WatchGuard", "versions": [{"lessThanOrEqual": "12.11.6", "status": "affected", "version": "12.0", "versionType": "semver"}, {"lessThanOrEqual": "12.5.15", "status": "affected", "version": "12.5", "versionType": "semver"}, {"lessThanOrEqual": "2026.0", "status": "affected", "version": "2025.1", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0", "versionEndIncluding": "12.11.6", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5", "versionEndIncluding": "12.5.15", "versionStartIncluding": "12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "versionEndIncluding": "2026.0", "versionStartIncluding": "2025.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.<p>This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.</p>"}], "value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0."}], "impacts": [{"capecId": "CAPEC-136", "descriptions": [{"lang": "en", "value": "CAPEC-136 LDAP Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-01-30T13:02:59.561Z"}, "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"}], "source": {"advisory": "WGSA-2026-00001", "defect": ["FBX-31010"], "discovery": "INTERNAL"}, "title": "WatchGuard Firebox LDAP Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-30T14:13:16.323800Z", "id": "CVE-2026-1498", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-02T16:32:46.653Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1498", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-30T14:13:16.323800Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-30T14:13:22.731Z"}}], "cna": {"title": "WatchGuard Firebox LDAP Injection", "source": {"defect": ["FBX-31010"], "advisory": "WGSA-2026-00001", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-136", "descriptions": [{"lang": "en", "value": "CAPEC-136 LDAP Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WatchGuard", "product": "Fireware OS", "versions": [{"status": "affected", "version": "12.0", "versionType": "semver", "lessThanOrEqual": "12.11.6"}, {"status": "affected", "version": "12.5", "versionType": "semver", "lessThanOrEqual": "12.5.15"}, {"status": "affected", "version": "2025.1", "versionType": "semver", "lessThanOrEqual": "2026.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.", "supportingMedia": [{"type": "text/html", "value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.<p>This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-90", "description": "CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0", "vulnerable": true, "versionEndIncluding": "12.11.6", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5", "vulnerable": true, "versionEndIncluding": "12.5.15", "versionStartIncluding": "12.5"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "vulnerable": true, "versionEndIncluding": "2026.0", "versionStartIncluding": "2025.1"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-01-30T13:02:59.561Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1498", "state": "PUBLISHED", "dateUpdated": "2026-02-02T16:32:46.653Z", "dateReserved": "2026-01-27T17:23:30.578Z", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "datePublished": "2026-01-30T13:02:59.561Z", "assignerShortName": "WatchGuard"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase.This issue affects Fireware OS: from 12.0 through 12.11.6, from 12.5 through 12.5.15, from 2025.1 through 2026.0."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n LDAP en WatchGuard Fireware OS puede permitir a un atacante remoto no autenticado recuperar informaci\u00f3n sensible de un servidor de autenticaci\u00f3n LDAP conectado a trav\u00e9s de una interfaz web de autenticaci\u00f3n o gesti\u00f3n expuesta. Esta vulnerabilidad tambi\u00e9n puede permitir a un atacante remoto autenticarse como un usuario LDAP con un identificador parcial si adicionalmente tienen la frase de contrase\u00f1a v\u00e1lida de ese usuario. Este problema afecta a Fireware OS: desde 12.0 hasta 12.11.6, desde 12.5 hasta 12.5.15, desde 2025.1 hasta 2026.0."}], "id": "CVE-2026-1498", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}, "published": "2026-01-30T13:15:54.560", "references": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001"}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-90"}], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:09:40.579065+00:00", "value": {"mitigation_remediation": ["Upgrade to a Fireware OS release that includes the patch for CVE\u20112026\u20111498", "Restrict unauthenticated access to the authentication and management web interfaces from external networks", "Implement firewall or ACL rules to block or filter LDAP request traffic that originates from untrusted sources"], "summary": {"action": "Patch", "impact": "Remote LDAP Injection leading to Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected system is WatchGuard Fireware OS. Vulnerable releases include versions 12.0 through 12.11.6, 12.5 through 12.5.15, and 2025.1 through 2026.0.", "description_and_impact": "An LDAP Injection flaw in WatchGuard Fireware OS allows a remote unauthenticated attacker to retrieve sensitive data from a connected LDAP authentication server via the exposed authentication or management web interface. The injection can also be leveraged to authenticate as an LDAP user with a partial identifier if the attacker already possesses that user\u2019s passphrase. This vulnerability is rooted in improper input validation in LDAP queries, exposing confidentiality and potentially authorizing malicious access.", "risk_and_exploitability": "The CVSS base score is 7, indicating high severity, while the EPSS score of less than 1% suggests the likelihood of exploitation is still low. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector involves a remote attacker sending crafted LDAP search strings via the unauthorized web interface, gaining access to sensitive entries or authenticating as a user. No authentication is required to trigger the injection, increasing the potential impact on organizations that expose these interfaces publicly."}}}}, "created": "2026-04-18T01:15:05.990851+00:00", "updated": "2026-04-18T01:15:05.990865+00:00", "vendors": []}