CVE-2026-13375
Medium, CVSS 4.8
Summary
Stored XSS vulnerability in the Autotask Technology Integration module of WatchGuard Fireware OS. This is an additional unmitigated attack path for CVE-2025-13938.
Risk Assessment
An attacker can inject a malicious script that executes in administrators' browsers, potentially leading to session hijacking, account takeover, or data theft.
Recommendation
Immediately upgrade Fireware OS to a version later than 12.12, 12.5.18, or 2026.2, depending on the release line used.
Original NVD description (English source)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.

