Firezone Security Advisories

Firezone Security Advisories https://www.firezone.dev/security-advisories Security vulnerabilities disclosed in Firezone, with affected components, vulnerable and fixed versions, impact, and remediation guidance. en-us FZ-2026-006: Windows device ID file is world-readable, allowing device verification bypass https://www.firezone.dev/security-advisories/fz-2026-006 https://www.firezone.dev/security-advisories/fz-2026-006 Thu, 04 Jun 2026 00:00:00 GMT FZ-2026-005: Windows GUI Client reads configuration from user-writable locations https://www.firezone.dev/security-advisories/fz-2026-005 https://www.firezone.dev/security-advisories/fz-2026-005 Thu, 04 Jun 2026 00:00:00 GMT FZ-2026-004: Linux GUI Client stores its configuration in a user-writable location https://www.firezone.dev/security-advisories/fz-2026-004 https://www.firezone.dev/security-advisories/fz-2026-004 Thu, 04 Jun 2026 00:00:00 GMT FZ-2026-003: Windows GUI Client named pipes accept connections from other local processes https://www.firezone.dev/security-advisories/fz-2026-003 https://www.firezone.dev/security-advisories/fz-2026-003 Thu, 04 Jun 2026 00:00:00 GMT FZ-2026-002: Linux tunnel service IPC socket accepts connections from any same-user process https://www.firezone.dev/security-advisories/fz-2026-002 https://www.firezone.dev/security-advisories/fz-2026-002 Thu, 04 Jun 2026 00:00:00 GMT FZ-2026-001: macOS Client lets local processes modify its configuration https://www.firezone.dev/security-advisories/fz-2026-001 https://www.firezone.dev/security-advisories/fz-2026-001 Thu, 04 Jun 2026 00:00:00 GMT