CVE-2022-26318
CVE-2022-26318
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (11 stars) — exploitation code widely available.
CVSS 9.8EPSS 78.3%KEV simPoC públicaNuclei —Metasploit simPatch —
Lifecycle
04 Mar 2022Published on NVD
25 Mar 2022Active exploitation (CISA KEV)
28 Mar 2022Public PoC
29 Aug 2022Metasploit module available
Weaponization speed
23 daysto first PoC
177 daysto Metasploit module
20 daysto active exploitation (KEV)
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
An unauthenticated attacker can execute arbitrary code on WatchGuard Firebox and XTM firewall appliances without needing credentials. This is critical because it allows complete compromise of the firewall, which is supposed to be a trusted security barrier.
Technical detail
Unauthenticated remote code execution in WatchGuard Fireware OS (versions <12.7.2_U2, 12.x <12.1.3_U8, 12.2.x-12.5.x <12.5.9_U2) allows arbitrary code execution on affected appliances. The attack vector is network-based and requires no prior authentication or user interaction, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 7
githubgithub.com/misterxid/watchguard_cve-2022-26318★ 11githubgithub.com/h3llk4t3/Watchguard-RCE-POC-CVE-2022-26318★ 2githubgithub.com/BabyTeam1024/CVE-2022-26318★ 2githubgithub.com/egilas/Watchguard-RCE-POC-CVE-2022-26318★ 0vulncheckvulncheck.com/xdb/d1337d2a7e63unverifiedvulncheckvulncheck.com/xdb/2b6b8cb11413unverifiedvulncheckvulncheck.com/xdb/1b92b4418032unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.