关键漏洞信息 漏洞名称 WatchGuard Firebox LDAP Injection 漏洞标识 Advisory ID: WSGA-2026-00001 CVE: CVE-2026-1498 影响 Impact: High 状态 Status: Resolved 产品家族 Product Family: Firebox 发布及更新日期 Published Date: 2026-01-29 Updated Date: 2026-01-29 绕过方法 Workaround Available: False CVSS 评分 CVSS Score: 7.0 CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N 漏洞概述 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to authenticate as an LDAP user with a partial identifier if they additionally have that user's valid passphrase. 受影响版本 This vulnerability affects Fireware OS 12.0 up to and including 12.11.6 and 2025.1 up to and including 2025.1.4. 解决方案 漏洞影响产品列表