Fireware v2026.2.1 / v12.12.1 jetzt verfügbar
Seit Kurzem verfügbar: Fireware v2026.2.1 / v12.12.1 und WatchGuard System Manager 2026.3
Fireware v2026.2.1 / v12.12.1 ist ein Security Release Update mit wichtigen Security Fixes, das neben sicherheitsrelevanten Verbesserungen auch neue Funktionen sowie Verbesserungen bei Stabilität und Verwaltung enthält.
Eine vollständige Auflistung aller Neuerungen finden Sie unter >> Enhancements and Resolved Issues v2026.2.1 in den >> Release Notes v2026.2.1.
Security Fixes
Diese Version behebt etliche sicherheitsrelevante Schwachstellen, unter anderem CVE-2026-13368, ein kritisches CVE mit Score 9.2
Vollständige Liste:
Security Issues
- This release resolves an insecure deserialization vulnerability in Fireware Web UI (CVE-2026-13371). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00014]
- This release resolves multiple Cross-Site Scripting (XSS) vulnerabilities in Fireware Web UI (CVE-2026-13373, CVE-2026-13374, CVE-2026-13375, CVE-2026-13376, CVE-2026-13377). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00015,WGSA-2026-00016, WGSA-2026-00017, WGSA-2026-00018, WGSA-2026-00019]
- This release resolves an authenticated memory corruption vulnerability in the ikestubd process (CVE-2026-13383). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00020]
- This release resolves an authenticated memory corruption vulnerability in the wgagent process (CVE-2026-13384). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00021]
- This release resolves a Fireware OS firmware image validation bypass (CVE-2026-13722). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00022]
- This release resolves a race condition and use-after-free vulnerabilities in the iked process (CVE-2026-13368). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00023]
- This release resolves a null pointer dereference vulnerability in the iked process (CVE-2026-13084). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00024]
- This release resolves a vulnerability in which the Firebox could fall back to a hardcoded encryption key for the Access Portal credentials database under exception circumstances (CVE-2026-13728). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00025]
- This release resolves an unauthenticated memory corruption vulnerability in the admd process (CVE-2026-8247). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00026]
- This release resolves a local privilege escalation vulnerability in the Mobile VPN with SSL client for Windows (CVE-2026-13079). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00027]
- This release resolves an authenticated arbitrary file write vulnerability in the sigd process (CVE-2026-13054). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00028]
- This release resolves an authenticated memory corruption vulnerability in the networkd process (CVE-2026-13050). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00029]
- This release resolves an authenticated memory corruption vulnerability in the management CLI (CVE-2026-13053). View the full advisory details on psirt.watchguard.com. [WGSA-2026-00030]
- The Firebox now encrypts configuration files downloaded from Fireware Web UI. [FBX-31480]
General
- You can now successfully activate a FireboxV as a FireCloud gateway. [FBX-32578]
- The DHCP Server and DHCP Client OID now respond correctly. [FBX-3514]
- Application Control now correctly categorizes AI-related traffic. [FBX-29892]
- This release resolves an unexpected logout issue in Fireware Web UI after a connection attempt to WatchGuard Cloud. [FBX-33203]
- This release resolves a Firewalld issue that stopped all traffic handling on a Firebox. [FBX-32463]
- This release resolves an issue that caused wireguard-wrap log entries to flood the system logs. [FBX-32348]
- This release resolves an issue that caused the Bandwidth Meter and SNMP reports to show unexpected bandwidth spikes. [FBX-31700]
- This release increases the MQTT keep-alive interval to prevent device disconnections from WatchGuard Cloud. [FBX-31683]
- This release corrects a typo in the wgagent log message. [FBX-31644]
- This release resolves a kernel paging fault on Firebox T45 devices. [FBX-31435]
- This release corrects a typo in the wgcgi log message. [FBX-31288]
Authentication
- This release resolves an issue that caused Access Portal to return users to the login page after a successful SAML authentication. [FBX-32477]
- In Fireware Web UI, you can now customize the Active Directory Login Attribute. [FBX-31431]
- This release resolves an issue that could cause Mobile VPN with SSL credentials to become visible when HTTPS content inspection is enabled. [FBX-25144]
FireCluster
- This release resolves an issue with FireCluster failover that caused an incomplete cluster action error. [FBX-33307]
- This release resolves a system storage issue that caused FireCluster upgrades to fail. [FBX-32390]
- Hotspot users are no longer removed after a system reboot or FireCluster failover. [FBX-32105]
- For large network configurations, the FireCluster status now appears correctly in Fireware Web UI. [FBX-31655]
- This release resolves an issue that caused a Primary Cluster Interface Down status to appear on Firebox wireless T-series FireCluster members with Wi-Fi disabled. [FBX-31522]
- This release resolves periodic kernel crashes on M690 FireClusters. [FBX-32391, FBX-28017]
Networking
- FQDN-based policies now apply correctly after a system reboot. [FBX-32407]
- This release resolves a Link Monitor configuration issue that caused networkd crashes on FireClusters. [FBX-32156]
- Firebox M290, M390, M490, M590, M690 devices now correctly responds to Jumbo Frames. [FBX-32122]
- Fireware Web UI and WSM now correctly show the current interface negotiation speeds on Mx90 devices with specific modules. [FBX-23861]
- You can now manually select the link speed for the Firebox M 4x Multispeed (1/2.5/5G) Copper Module interfaces on Firebox M290, M390, M590, and M690 models. [FBX-32481]
VPN
- This release resolves an issue with the Mobile VPN with SSL tunnel when the client log level was set to Debug. [FBX-32442]
- This release resolves an issue that caused Mobile VPN with SSL disconnections. [FBX-30215, FBX-29831]
- VPN tunnels configured with SHA2-384 now correctly pass traffic. [FBX-28770]
- BOVPNs now correctly fail back to the primary gateway after a VPN failover event. [FBX-28819]
USB Backup Image and Auto-Restore
- Backup image validation has been enhanced so that backup/restore operations now apply the same strict integrity checks used during firmware upgrades to prevent installation of tampered or unauthorized Fireware OS images. [FBX-32315]
- When you restore a USB backup image through the Fireware Web UI or Setup Wizard, only the configuration is restored. If you restore an older backup image that includes the Fireware OS, the OS is ignored and only the configuration is restored. [FBX-32315]
- You can now only restore USB backup images when the Fireware version and build number of the backup image match the version and build installed on the Firebox. To restore the backup image, you must downgrade or upgrade the Firebox to the same Fireware version. [FBX-32315]
- When you save a backup image to a connected USB drive for auto-restore, you can no longer choose to include the Fireware OS in the backup image. You must manually place the Fireware OS .sysa-dl image file that matches the version and build of the backup in the \auto-restore folder on the USB drive. [FBX-32315]
- USB backup images no longer include the Fireware OS, and the Include OS option has been removed from the USB backup configuration in Fireware Web UI. [FBX-32432]
USB auto-restore backup image changes after you upgrade:
- To be able to restore a new USB auto-restore backup image created in v12.12.1 and higher, you must first upgrade the recovery partition (sysB) of the Firebox.
- For instructions on how to download and install the software for the recovery partition, go to this WatchGuard Knowledge Base article.
- For new USB auto-restore backup images created in v12.12.1 and higher, you must manually place the matching Fireware OS .sysa-dl file in the \auto-restore folder on the USB drive. These new USB auto-restore backup images created in v12.12.1 can only be used to restore a Firebox that has an upgraded recovery partition (sysB).
- If you have not yet upgraded your recovery partition (sysB), USB auto-restore backup images created with previous Fireware versions will continue to work for auto-restore.
- After you upgrade the recovery partition (sysB), USB auto-restore backup images created with previous Fireware versions will continue to work for auto-restore, but you must manually place the matching Fireware OS .sysa-dl file in the \auto-restore folder on the USB drive. Any embedded OS in the backup image is ignored. Root CA certificates from the previous Fireware version backup image are not restored. The Firebox boots with default certificates for the installed firmware version. You must manually re-import any certificates you imported previously.
Unterstützte Geräte
- Fireware v2026.2.1 ist verfügbar für folgende Geräte: Firebox T115-W, T125, T145, T185, M295, M395, M495, M595, M695
- Fireware v12.12.1 ist verfügbar für folgende Geräte: Firebox NV5, T20, T25, T40, T45, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M4600, M4800, M5600, M5800
FireboxV, Firebox Cloud, WatchGuard AP
In unserem Infoportal finden Sie eine >> Übersicht der letzten Fireware Releases inkl. deren Neuerungen.
Download der Software aus dem WatchGuard Support Center
- im WatchGuard Support Center das entsprechende Modell auswählen um anschließend die gewünschte Fireware downloaden zu können
- WatchGuard System Manager 2026.3 (.exe) (unterstützt Fireware 2026.x (bis 2026.2), 2025.x sowie 12.5 und höher)
WSM2026.3
Nochmals ein hinweis auf die zusätzlichen Features des WSM2026.3. Hier wurden einige Erleichterungen beim Pflegen des Policy-Frameworks hinzugefügt.
- Umbenennen von Aliasen
- Markierung der nichtbenutzten Aliase mit „(not used)“
- Erweitertes Kommentarfeld
- Erweiterte Suchfunktionalität
Eine ausführliche Beschreibung finden Sie im Artikel „Aliase umbenennen“.
Das könnte Sie auch interessieren: