What is CVE-2026-41288?

CVE-2026-41288 is a high-severity vulnerability in Watchguard Agent, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.8/10. Published 2026-05-06.

How severe is CVE-2026-41288?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Watchguard Agent

CVE-2026-41288

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYSTEM.

EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Watchguard Agent
Watchguard Agent — versions 0

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

5d1c2695-1a31-4499-88ae-e847036fd7e3 (Not Applicable)

Frequently asked questions

What is CVE-2026-41288?: CVE-2026-41288 is a high-severity vulnerability in Watchguard Agent, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.8/10. Published 2026-05-06.
How severe is CVE-2026-41288?: High severity. CVSS v3 base score is 7.8 out of 10.