CVE-2026-13054
HighCVSS 8.6Summary
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. Affected versions: Fireware OS 11.0 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.
Risk Assessment
An attacker could overwrite critical system files, potentially leading to device compromise, configuration integrity violation, or permanent system damage.
Recommendation
Immediately update WatchGuard Fireware OS to a patched version as per vendor advisory. Restrict management interface access to trusted networks only.
Original NVD description (English source)
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

