CVE Catalog

CVE-2026-13375

Medium · CVSS 4.8

Summary

Stored XSS vulnerability in the Autotask Technology Integration module of WatchGuard Fireware OS. This is an additional unmitigated attack path for CVE-2025-13938.

Risk Assessment

An attacker can inject a malicious script that executes in administrators' browsers, potentially leading to session hijacking, account takeover, or data theft.

Recommendation

Immediately upgrade Fireware OS to a version later than 12.12, 12.5.18, or 2026.2, depending on the release line used.

Original NVD description (English source)

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS