{"id":31203,"date":"2026-07-06T09:13:35","date_gmt":"2026-07-06T07:13:35","guid":{"rendered":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/?p=31203"},"modified":"2026-07-06T09:13:35","modified_gmt":"2026-07-06T07:13:35","slug":"fireware-v2026-2-1-v12-12-1-jetzt-verfuegbar-2","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2026\/07\/fireware-v2026-2-1-v12-12-1-jetzt-verfuegbar-2\/","title":{"rendered":"Fireware v2026.2.1 \/ v12.12.1 jetzt verf\u00fcgbar"},"content":{"rendered":"<p>Seit Kurzem verf\u00fcgbar: Fireware v2026.2.1 \/ v12.12.1 und WatchGuard System Manager 2026.3<\/p>\n<p>Fireware v2026.2.1 \/ v12.12.1 ist ein <strong>Security Release Update mit wichtigen Security Fixes<\/strong>, das neben sicherheitsrelevanten Verbesserungen auch neue Funktionen sowie Verbesserungen bei Stabilit\u00e4t und Verwaltung enth\u00e4lt.<\/p>\n<p>Eine vollst\u00e4ndige Auflistung aller Neuerungen finden Sie unter <a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_12_1\/index.html#Fireware\/en-US\/resolved_issues.html?TocPath=_____4\" target=\"_blank\" rel=\"noopener noreferrer\">&gt;&gt; Enhancements and Resolved Issues v2026.2.1<\/a> in den <a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_12_1\/index.html#Fireware\/en-US\/EN_Release_Notes_Fireware.html?TocPath=_____1\" target=\"_blank\" rel=\"noopener noreferrer\">&gt;&gt; Release Notes v2026.2.1<\/a>. <!--more--><\/p>\n<h3>Security Fixes<\/h3>\n<p>Diese Version behebt etliche sicherheitsrelevante Schwachstellen, unter anderem <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00023\">CVE-2026-13368<\/a>, ein kritisches CVE mit Score 9.2<\/p>\n<p>Vollst\u00e4ndige Liste:<\/p>\n<h2>Security Issues<\/h2>\n<ul>\n<li>This release resolves an insecure deserialization vulnerability in Fireware Web UI (CVE-2026-13371). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00014\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00014]<\/span><\/li>\n<li>This release resolves multiple Cross-Site Scripting (XSS) vulnerabilities in Fireware Web UI (CVE-2026-13373, CVE-2026-13374, CVE-2026-13375, CVE-2026-13376, CVE-2026-13377). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisories\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00015,WGSA-2026-00016, WGSA-2026-00017, WGSA-2026-00018, WGSA-2026-00019]<\/span><\/li>\n<li>This release resolves an authenticated memory corruption vulnerability in the <span class=\"Input\">ikestubd<\/span> process (CVE-2026-13383). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00020\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00020]<\/span><\/li>\n<li>This release resolves an authenticated memory corruption vulnerability in the <span class=\"Input\">wgagent<\/span> process (CVE-2026-13384). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00021\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00021]<\/span><\/li>\n<li>This release resolves a Fireware OS firmware image validation bypass (CVE-2026-13722). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00022\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00022]<\/span><\/li>\n<li>This release resolves a race condition and use-after-free vulnerabilities in the <span class=\"Input\">iked<\/span> process (CVE-2026-13368). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00023\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00023]<\/span><\/li>\n<li>This release resolves a null pointer dereference vulnerability in the <span class=\"Input\">iked<\/span> process (CVE-2026-13084). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00024\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00024]<\/span><\/li>\n<li>This release resolves a vulnerability in which the Firebox could fall back to a hardcoded encryption key for the Access Portal credentials database under exception circumstances (CVE-2026-13728). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00025\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00025]<\/span><\/li>\n<li>This release resolves an unauthenticated memory corruption vulnerability in the <span class=\"Input\">admd<\/span> process (CVE-2026-8247). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00026\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00026]<\/span><\/li>\n<li>This release resolves a local privilege escalation vulnerability in the Mobile VPN with SSL client for Windows (CVE-2026-13079). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00027\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00027]<\/span><\/li>\n<li>This release resolves an authenticated arbitrary file write vulnerability in the <span class=\"Input\">sigd<\/span> process (CVE-2026-13054). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00028\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00028]<\/span><\/li>\n<li>This release resolves an authenticated memory corruption vulnerability in the <span class=\"Input\">networkd<\/span> process (CVE-2026-13050). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00029\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00029]<\/span><\/li>\n<li>This release resolves an authenticated memory corruption vulnerability in the management CLI (CVE-2026-13053). View the full advisory details on <a href=\"https:\/\/www.watchguard.com\/wgrd-psirt\/advisory\/wgsa-2026-00030\">psirt.watchguard.com<\/a>. <span class=\"NumContinued\">[WGSA-2026-00030]<\/span><\/li>\n<li>The Firebox now encrypts configuration files downloaded from Fireware Web UI. <span class=\"NumContinued\"> [FBX-31480]<\/span><\/li>\n<\/ul>\n<h2>General<\/h2>\n<ul>\n<li>You can now successfully activate a FireboxV as a FireCloud gateway. <span class=\"NumContinued\"> [FBX-32578]<\/span><\/li>\n<li>The DHCP Server and DHCP Client OID now respond correctly. <span class=\"NumContinued\"> [FBX-3514]<\/span><\/li>\n<li>Application Control now correctly categorizes AI-related traffic. <span class=\"NumContinued\"> [FBX-29892]<\/span><\/li>\n<li>This release resolves an unexpected logout issue in Fireware Web UI after a connection attempt to WatchGuard Cloud. <span class=\"NumContinued\"> [FBX-33203]<\/span><\/li>\n<li>This release resolves a <span class=\"Input\">Firewalld<\/span> issue that stopped all traffic handling on a Firebox. <span class=\"NumContinued\"> [FBX-32463]<\/span><\/li>\n<li>This release resolves an issue that caused <span class=\"Input\">wireguard-wrap<\/span> log entries to flood the system logs. <span class=\"NumContinued\"> [FBX-32348]<\/span><\/li>\n<li>This release resolves an issue that caused the Bandwidth Meter and SNMP reports to show unexpected bandwidth spikes. <span class=\"NumContinued\"> [FBX-31700]<\/span><\/li>\n<li>This release increases the <span class=\"Input\">MQTT<\/span> keep-alive interval to prevent device disconnections from WatchGuard Cloud. <span class=\"NumContinued\"> [FBX-31683]<\/span><\/li>\n<li>This release corrects a typo in the <span class=\"Input\">wgagent<\/span> log message. <span class=\"NumContinued\"> [FBX-31644]<\/span><\/li>\n<li>This release resolves a kernel paging fault on Firebox T45 devices. <span class=\"NumContinued\"> [FBX-31435]<\/span><\/li>\n<li>This release corrects a typo in the <span class=\"Input\">wgcgi<\/span> log message. <span class=\"NumContinued\"> [FBX-31288]<\/span><\/li>\n<\/ul>\n<h2>Authentication<\/h2>\n<ul>\n<li>This release resolves an issue that caused Access Portal to return users to the login page after a successful SAML authentication. <span class=\"NumContinued\"> [FBX-32477]<\/span><\/li>\n<li>In Fireware Web UI, you can now customize the Active Directory Login Attribute. <span class=\"NumContinued\"> [FBX-31431]<\/span><\/li>\n<li>This release resolves an issue that could cause Mobile VPN with SSL credentials to become visible when HTTPS content inspection is enabled. <span class=\"NumContinued\"> [FBX-25144]<\/span><\/li>\n<\/ul>\n<h2>FireCluster<\/h2>\n<ul>\n<li>This release resolves an issue with FireCluster failover that caused an incomplete cluster action error. <span class=\"NumContinued\"> [FBX-33307]<\/span><\/li>\n<li>This release resolves a system storage issue that caused FireCluster upgrades to fail. <span class=\"NumContinued\"> [FBX-32390]<\/span><\/li>\n<li>Hotspot users are no longer removed after a system reboot or FireCluster failover. <span class=\"NumContinued\"> [FBX-32105]<\/span><\/li>\n<li>For large network configurations, the FireCluster status now appears correctly in Fireware Web UI. <span class=\"NumContinued\"> [FBX-31655]<\/span><\/li>\n<li>This release resolves an issue that caused a <span class=\"Input\">Primary Cluster Interface Down<\/span> status to appear on Firebox wireless T-series FireCluster members with Wi-Fi disabled. <span class=\"NumContinued\"> [FBX-31522]<\/span><\/li>\n<li>This release resolves periodic kernel crashes on M690 FireClusters. <span class=\"NumContinued\"> [FBX-32391, FBX-28017]<\/span><\/li>\n<\/ul>\n<h2>Networking<\/h2>\n<ul>\n<li>FQDN-based policies now apply correctly after a system reboot. <span class=\"NumContinued\"> [FBX-32407]<\/span><\/li>\n<li>This release resolves a Link Monitor configuration issue that caused <span class=\"Input\">networkd<\/span> crashes on FireClusters. <span class=\"NumContinued\"> [FBX-32156]<\/span><\/li>\n<li>Firebox M290, M390, M490, M590, M690 devices now correctly responds to Jumbo Frames. <span class=\"NumContinued\"> [FBX-32122]<\/span><\/li>\n<li>Fireware Web UI and WSM now correctly show the current interface negotiation speeds on Mx90 devices with specific modules. <span class=\"NumContinued\"> [FBX-23861]<\/span><\/li>\n<li>You can now manually select the link speed for the Firebox M 4x Multispeed (1\/2.5\/5G) Copper Module interfaces on Firebox M290, M390, M590, and M690 models. <span class=\"NumContinued\"> [FBX-32481]<\/span><\/li>\n<\/ul>\n<h2>VPN<\/h2>\n<ul>\n<li>This release resolves an issue with the Mobile VPN with SSL tunnel when the client log level was set to <span class=\"Input\">Debug<\/span>. <span class=\"NumContinued\"> [FBX-32442]<\/span><\/li>\n<li>This release resolves an issue that caused Mobile VPN with SSL disconnections. <span class=\"NumContinued\"> [FBX-30215, FBX-29831]<\/span><\/li>\n<li>VPN tunnels configured with SHA2-384 now correctly pass traffic. <span class=\"NumContinued\"> [FBX-28770]<\/span><\/li>\n<li>BOVPNs now correctly fail back to the primary gateway after a VPN failover event. <span class=\"NumContinued\"> [FBX-28819]<\/span><\/li>\n<\/ul>\n<h2>USB Backup Image and Auto-Restore<\/h2>\n<ul>\n<li>Backup image validation has been enhanced so that backup\/restore operations now apply the same strict integrity checks used during firmware upgrades to prevent installation of tampered or unauthorized Fireware OS images. <span class=\"NumContinued\">[FBX-32315]<\/span><\/li>\n<li>When you restore a USB backup image through the Fireware Web UI or Setup Wizard, only the configuration is restored. If you restore an older backup image that includes the Fireware OS, the OS is ignored and only the configuration is restored. <span class=\"NumContinued\">[FBX-32315]<\/span><\/li>\n<li>You can now only restore USB backup images when the Fireware version and build number of the backup image match the version and build installed on the Firebox. To restore the backup image, you must downgrade or upgrade the Firebox to the same Fireware version. <span class=\"NumContinued\">[FBX-32315]<\/span><\/li>\n<li>When you save a backup image to a connected USB drive for auto-restore, you can no longer choose to include the Fireware OS in the backup image. You must manually place the Fireware OS .sysa-dl image file that matches the version and build of the backup in the \\auto-restore folder on the USB drive. <span class=\"NumContinued\">[FBX-32315]<\/span><\/li>\n<li>USB backup images no longer include the Fireware OS, and the Include OS option has been removed from the USB backup configuration in Fireware Web UI. <span class=\"NumContinued\">[FBX-32432]<\/span><\/li>\n<\/ul>\n<p>USB auto-restore backup image changes after you upgrade:<\/p>\n<ul>\n<li>To be able to restore a new USB auto-restore backup image created in v12.12.1 and higher, you must first upgrade the recovery partition (sysB) of the Firebox.<\/li>\n<li>For instructions on how to download and install the software for the recovery partition, go to this <a href=\"https:\/\/techsearch.watchguard.com\/KB?type=Article&amp;SFDCID=kA10H000000g2vPSAQ&amp;lang=en_US\">WatchGuard Knowledge Base article<\/a>.<\/li>\n<li>For new USB auto-restore backup images created in v12.12.1 and higher, you must manually place the matching Fireware OS .sysa-dl file in the \\auto-restore folder on the USB drive. These new USB auto-restore backup images created in v12.12.1 can only be used to restore a Firebox that has an upgraded recovery partition (sysB).<\/li>\n<li>If you have not yet upgraded your recovery partition (sysB), USB auto-restore backup images created with previous Fireware versions will continue to work for auto-restore.<\/li>\n<li>After you upgrade the recovery partition (sysB), USB auto-restore backup images created with previous Fireware versions will continue to work for auto-restore, but you must manually place the matching Fireware OS .sysa-dl file in the \\auto-restore folder on the USB drive. Any embedded OS in the backup image is ignored. Root CA certificates from the previous Fireware version backup image are not restored. The Firebox boots with default certificates for the installed firmware version. You must manually re-import any certificates you imported previously.<\/li>\n<\/ul>\n<h3>Unterst\u00fctzte Ger\u00e4te<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/2026\/en_US\/2026_2_1\/index.html\" target=\"_blank\" rel=\"noopener\">Fireware v2026.2.1<\/a> ist verf\u00fcgbar f\u00fcr folgende Ger\u00e4te: Firebox T115-W, T125, T145, T185, M295, M395, M495, M595, M695<\/li>\n<li><a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/12\/en-US\/EN_ReleaseNotes_Fireware_12_12_1\/\" target=\"_blank\" rel=\"noopener\">Fireware v12.12.1<\/a> ist verf\u00fcgbar f\u00fcr folgende Ger\u00e4te: Firebox NV5, T20, T25, T40, T45, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M4600, M4800, M5600, M5800<br \/>\nFireboxV, Firebox Cloud, WatchGuard AP<\/li>\n<\/ul>\n<p>In unserem Infoportal finden Sie eine\u00a0<a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/supportinfos\/fireware-release-neuerungen\/\" target=\"_blank\" rel=\"noopener noreferrer\">&gt;&gt; \u00dcbersicht der letzten Fireware Releases inkl. deren Neuerungen<\/a>.<\/p>\n<h3>Download der Software aus dem WatchGuard Support Center<\/h3>\n<ul>\n<li>im\u00a0<a href=\"https:\/\/software.watchguard.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">WatchGuard Support Center<\/a>\u00a0das entsprechende Modell ausw\u00e4hlen um anschlie\u00dfend die gew\u00fcnschte Fireware downloaden zu k\u00f6nnen<\/li>\n<li><a href=\"https:\/\/cdn.watchguard.com\/SoftwareCenter\/Files\/WSM\/2026_3\/wsm_2026_3.exe\" target=\"_blank\" rel=\"noopener noreferrer\">WatchGuard System Manager 2026.3 (.exe)<\/a> (unterst\u00fctzt Fireware 2026.x (bis 2026.2), 2025.x sowie 12.5 und h\u00f6her)<\/li>\n<\/ul>\n<h3>WSM2026.3<\/h3>\n<p>Nochmals ein hinweis auf die zus\u00e4tzlichen Features des WSM2026.3. Hier wurden einige Erleichterungen beim Pflegen des Policy-Frameworks hinzugef\u00fcgt.<\/p>\n<ul>\n<li>Umbenennen von Aliasen<\/li>\n<li>Markierung der nichtbenutzten Aliase mit &#8222;(not used)&#8220;<\/li>\n<li>Erweitertes Kommentarfeld<\/li>\n<li>Erweiterte Suchfunktionalit\u00e4t<\/li>\n<\/ul>\n<p>Eine ausf\u00fchrliche Beschreibung finden Sie <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/2026\/06\/aliase-umbenennen-im-policy-manager-2026-3-und-weitere-verbesserungen\/\">im Artikel &#8222;Aliase umbenennen&#8220;<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Seit Kurzem verf\u00fcgbar: Fireware v2026.2.1 \/ v12.12.1 und WatchGuard System Manager 2026.3 Fireware v2026.2.1 \/ v12.12.1 ist ein Security Release Update mit wichtigen Security Fixes, das neben sicherheitsrelevanten Verbesserungen auch neue Funktionen sowie Verbesserungen bei Stabilit\u00e4t und Verwaltung enth\u00e4lt. Eine vollst\u00e4ndige Auflistung aller Neuerungen finden Sie unter &gt;&gt; Enhancements and Resolved Issues v2026.2.1 in den &gt;&gt; Release Notes v2026.2.1.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[122],"tags":[2751,2752,2750,2749,2746,2745,2736,2737,2738,2739,2740,2741,2742,2743,2744,2747,2748,1421,1236,2735,277,2734,425,548,492],"class_list":["post-31203","post","type-post","status-publish","format-standard","hentry","category-watchguard-software-release-news","tag-cve-2026-13050","tag-cve-2026-13053","tag-cve-2026-13054","tag-cve-2026-13079","tag-cve-2026-13084","tag-cve-2026-13368","tag-cve-2026-13371","tag-cve-2026-13373","tag-cve-2026-13374","tag-cve-2026-13375","tag-cve-2026-13376","tag-cve-2026-13377","tag-cve-2026-13383","tag-cve-2026-13384","tag-cve-2026-13722","tag-cve-2026-13728","tag-cve-2026-8247","tag-firebox-gateway","tag-firecloud","tag-fireeware-2026-2-1","tag-fireware","tag-fireware-12-12-1","tag-fireware-12-x","tag-fireware-release","tag-release"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/31203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=31203"}],"version-history":[{"count":1,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/31203\/revisions"}],"predecessor-version":[{"id":31204,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/31203\/revisions\/31204"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=31203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=31203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=31203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}