CVE Catalog

CVE-2026-13054

HighCVSS 8.6
Published: Translated: NVD NIST

Summary

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. Affected versions: Fireware OS 11.0 up to 11.12.4_Update1, 12.0 up to 12.12, and 2025.1 up to 2026.2.

Risk Assessment

An attacker could overwrite critical system files, potentially leading to device compromise, configuration integrity violation, or permanent system damage.

Recommendation

Immediately update WatchGuard Fireware OS to a patched version as per vendor advisory. Restrict management interface access to trusted networks only.

Original NVD description (English source)

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS