PatchSiren cyber security CVE debrief
CVE-2026-13079 WatchGuard CVE debrief
CVE-2026-13079 is a local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows. An attacker can exploit this issue to escalate their privileges to NT AUTHORITYSYSTEM on the machine where the client is installed. The vulnerability affects the Mobile VPN with SSL client for Windows up to and including version 2026.2. This issue was reported by a third-party researcher and patched by the vendor.
- Vendor
- WatchGuard
- Product
- Fireware OS
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-07
Who should care
System administrators and security teams responsible for managing and securing Windows systems with WatchGuard Mobile VPN with SSL client installed should prioritize patching this vulnerability to prevent potential local privilege escalation attacks. Additionally, security teams should review compensating controls for exposed systems while remediation is scheduled and verified.
Technical summary
The vulnerability exists in the WatchGuard Mobile VPN with SSL client for Windows, allowing a local attacker to escalate privileges to NT AUTHORITYSYSTEM. The issue affects versions up to and including 2026.2. The CVSS score for this vulnerability is 7.3, indicating a high severity level. This issue was reported by a third-party researcher and patched by the vendor. To address this vulnerability, it is crucial to apply the vendor-provided patch for Mobile VPN with SSL client for Windows version 2026.2 or later. Additionally, system administrators should review compensating controls for exposed systems while remediation is scheduled and verified, and monitor systems for any suspicious activity that could indicate exploitation of this vulnerability.
Defensive priority
High
Recommended defensive actions
- Apply the vendor-provided patch for Mobile VPN with SSL client for Windows version 2026.2 or later.
- Ensure that all systems with the vulnerable client installed are updated as soon as possible.
- Monitor systems for any suspicious activity that could indicate exploitation of this vulnerability.
- Consider implementing additional security controls to limit the impact of a potential exploit, such as restricting access to sensitive areas of the system.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-07-03T00:16:50.630Z and was last modified on 2026-07-07T05:16:48.697Z. The NVD entry is currently Awaiting Analysis. The vulnerability details are based on the information provided in the CVE record and the vendor's advisory. The vendor has provided a patch for this vulnerability, which should be applied as soon as possible.
Official resources
-
CVE-2026-13079 CVE record
CVE.org
-
CVE-2026-13079 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
5d1c2695-1a31-4499-88ae-e847036fd7e3
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T00:16:50.630Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.