
2026-07-02 Release of Fireware and Mobile SSL VPN Client fix many security issues
The VPN client has a privilege escalation which allows a local attacker to gain SYSTEM access: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00027
The firebox has an LDAP-auth-RCE. Reminds me of January: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00023
Just the ones I saw first, there are more advisories. Better to update sooner than later. https://www.watchguard.com/wgrd-psirt/advisories