PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-13079 WatchGuard CVE debrief

CVE-2026-13079 is a local privilege escalation vulnerability in the WatchGuard Mobile VPN with SSL client for Windows. An attacker can exploit this issue to escalate their privileges to NT AUTHORITYSYSTEM on the machine where the client is installed. The vulnerability affects the Mobile VPN with SSL client for Windows up to and including version 2026.2. This issue was reported by a third-party researcher and patched by the vendor.

Vendor
WatchGuard
Product
Fireware OS
CVSS
HIGH 7.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-03
Original CVE updated
2026-07-07
Advisory published
2026-07-03
Advisory updated
2026-07-07

Who should care

System administrators and security teams responsible for managing and securing Windows systems with WatchGuard Mobile VPN with SSL client installed should prioritize patching this vulnerability to prevent potential local privilege escalation attacks. Additionally, security teams should review compensating controls for exposed systems while remediation is scheduled and verified.

Technical summary

The vulnerability exists in the WatchGuard Mobile VPN with SSL client for Windows, allowing a local attacker to escalate privileges to NT AUTHORITYSYSTEM. The issue affects versions up to and including 2026.2. The CVSS score for this vulnerability is 7.3, indicating a high severity level. This issue was reported by a third-party researcher and patched by the vendor. To address this vulnerability, it is crucial to apply the vendor-provided patch for Mobile VPN with SSL client for Windows version 2026.2 or later. Additionally, system administrators should review compensating controls for exposed systems while remediation is scheduled and verified, and monitor systems for any suspicious activity that could indicate exploitation of this vulnerability.

Defensive priority

High

Recommended defensive actions

  • Apply the vendor-provided patch for Mobile VPN with SSL client for Windows version 2026.2 or later.
  • Ensure that all systems with the vulnerable client installed are updated as soon as possible.
  • Monitor systems for any suspicious activity that could indicate exploitation of this vulnerability.
  • Consider implementing additional security controls to limit the impact of a potential exploit, such as restricting access to sensitive areas of the system.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-07-03T00:16:50.630Z and was last modified on 2026-07-07T05:16:48.697Z. The NVD entry is currently Awaiting Analysis. The vulnerability details are based on the information provided in the CVE record and the vendor's advisory. The vendor has provided a patch for this vulnerability, which should be applied as soon as possible.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T00:16:50.630Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.