Home/ Blog/ Security news/ Article
Blog · Security news

A WatchGuard firewall can be taken over through its single sign-on agent, no login required

CVE-2026-8247 lets a network-adjacent attacker run code as root on WatchGuard Firebox firewalls with no login. Patch Fireware to 12.12.1 or 2026.2.1; some

WatchGuard Firebox firewall appliance in a rack with an exposed internal breach point

Firewalls are supposed to be the thing that watches everyone else. CVE-2026-8247 turns that around. A stack memory bug in WatchGuard's Firebox line lets an unauthenticated attacker who sits on the same network run code as root on the firewall itself. No password, no admin session, nobody clicking anything. Whoever reaches the box owns every policy it enforces.

WatchGuard published the fix on July 2. Trend's Zero Day Initiative, which reported the flaw, released its own advisory on July 15. There is no public exploit and no sign of in-the-wild use yet, but a memory-corruption bug in a perimeter device is exactly the kind of thing that gets weaponized quietly.

What actually broke

The flaw lives in admd, the Firebox process that handles authentication. It mishandles login notifications sent by WatchGuard's Single Sign-On, the feature that maps logged-in users to their IP addresses so a firewall rule can follow the person instead of the machine. One piece of that system is the Terminal Services agent, which reports logins from shared Windows hosts.

When admd reads one of those login notifications, it copies attacker-controllable data into a fixed-size buffer on the stack without checking the length first. Overrun the buffer and you can steer execution. ZDI and WatchGuard describe the result the same way: code running with root privileges on the appliance.

"Adjacent" is doing a lot of work in that severity score

WatchGuard scores this 7.7 and ZDI 7.5, both High rather than Critical, and the reason is the attack vector: adjacent network, not the open internet. That makes it tempting to file under "we will get to it." For a firewall, the instinct is wrong.

The Single Sign-On listener is reachable from wherever your SSO agents live, which is inside your trusted zones by design. That includes VPN-connected clients, internal servers, a compromised workstation on the LAN, or a guest segment that was never as isolated as the diagram claimed. Any of those counts as "adjacent." An attacker who already holds one internal host, the normal starting point for a ransomware crew, can pivot straight into root on the device that segments the network. The middling score reflects where the attacker begins, not how bad it is once they arrive.

Am I affected

Almost every supported branch is in scope. On the legacy 11.x line, everything up to and including 11.12.4 Update 1 carries the bug. The 12.0 series is affected all the way to 12.12. The older 12.5 maintenance branch is exposed through build 12.5.18. On the current train, every release from 2025.1 forward to 2026.2 is vulnerable.

Boxes running Single Sign-On with the Terminal Services agent are the clear targets. If SSO is switched off entirely the reachable surface shrinks, but do not read that as a fix.

Patching is not automatic here: check your model and branch first

WatchGuard shipped fixes, but not for every product, so "update to the latest" is not the whole answer. If you run the 12.x line, the patched build is Fireware 12.12.1. On the 2025.1 or 2026 train, move to 2026.2.1. Two groups are left out. The T15 and T35 hardware still sitting on the 12.5.x branch has no fix, marked unresolved by the vendor. The entire 11.x generation has reached end of life, so no patch is coming for it at all.

There is no workaround. If your appliance sits on an unresolved or end-of-life path, patching is not a lever you have, so the only one left is exposure. Restrict which hosts can reach the firewall's SSO agent listener, tighten segmentation so a compromised internal host cannot talk to it, and if you run a T15, T35, or any 11.x box, pull the replacement forward on your roadmap rather than waiting for a fix that, for 11.x, is never coming.

How you would know

Memory-corruption exploits against an appliance are hard to catch on the device itself, because the thing that would alert you is the thing being compromised. Watch the signals around it. Look for unexpected admd crashes or restarts, configuration changes nobody made, new administrative sessions, or outbound connections from the firewall to addresses you do not recognize. Ship appliance logs somewhere off the box so an attacker who lands on it cannot rewrite the evidence. Whether you run that monitoring yourself or through a managed detection service, the firewall's own logs and behavior are the tell, not any scan running on the appliance.

The perimeter is the target now

This is the same story with a different nameplate. SonicWall, Kemp LoadMaster, Citrix NetScaler, Fortinet: the boxes sold to defend the edge keep turning into the softest way through it, and the authentication and agent subsystems are where the memory bugs surface. Treat your firewall like the internet-facing application it is. Patch it on the same clock, watch it as closely, and assume "only reachable from inside" is a temporary condition, not a control.

Topics

Frequently asked questions

What is CVE-2026-8247?

CVE-2026-8247 is a stack-based buffer overflow in admd, the authentication daemon on WatchGuard Firebox firewalls. It lets a network-adjacent attacker with no login run code as root by sending crafted Single Sign-On login notifications. WatchGuard rates it 7.7 and has released fixed Fireware versions.

Which Fireware versions are affected and fixed?

Affected builds span most of the Fireware history: the 11.x line up to 11.12.4 Update 1, the 12.0 series to 12.12, the 12.5 branch to 12.5.18, and current releases from 2025.1 to 2026.2. WatchGuard fixed the 12.x line in 12.12.1 and newer builds in 2026.2.1. T15 and T35 on 12.5.x stay unresolved and 11.x is end of life.

Is CVE-2026-8247 being exploited in the wild?

No public exploit or in-the-wild exploitation had been reported at the time of writing. WatchGuard published its advisory on July 2, 2026 and Trend's Zero Day Initiative followed on July 15. A memory-corruption flaw in a perimeter appliance still warrants prompt patching before an exploit appears.

Why does the 'adjacent network' rating matter for a firewall?

An adjacent-network flaw needs the attacker on a connected segment rather than the open internet, which lowers the score. For a firewall, that surface is large: VPN clients, internal servers, and any compromised host can reach the Single Sign-On listener, so a foothold anywhere inside can reach root on the device.

What if my Firebox has no available patch?

If you run a T15 or T35 on 12.5.x or any end-of-life 11.x model, no fix exists and there is no workaround. Restrict which hosts can reach the firewall's Single Sign-On agent listener, tighten network segmentation, and move replacement of the device up your roadmap.

Ready to meet the Guardians?

Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.