An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.CreditsCody SixteenReferenceshttps://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00014