Skip to main content

Fireware OS CVE-2026-13371

| EUVDEUVD-2026-41447 MEDIUM
Deserialization of Untrusted Data (CWE-502)
2026-07-02 WatchGuard GHSA-hprc-6hj7-jj8j
6.9
CVSS 4.0 · Vendor: WatchGuard
Share

Severity by source

Vendor (WatchGuard) PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.9 MEDIUM

Admin authentication (PR:H) is explicitly required per description; availability-only crash impact (A:H) with no confidentiality or integrity loss (C:N/I:N).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (WatchGuard).

CVSS VectorVendor: WatchGuard

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 02, 2026 - 23:58 vuln.today

DescriptionCVE.org

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

AnalysisAI

Denial-of-service in WatchGuard Fireware OS Management Web UI allows an authenticated administrator to crash the management service by submitting crafted input to the put_data endpoint, which performs unsafe deserialization of attacker-controlled data (CWE-502). The CVSS 4.0 vector (PR:H, VA:H) confirms that exploitation is restricted to administrator-level accounts and results in availability loss only - no confidentiality or integrity impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain admin credentials via phishing or credential theft
Delivery
Authenticate to Fireware Management Web UI over network
Exploit
Craft malformed serialized payload
Execution
Submit crafted data to put_data endpoint
Persist
Unsafe deserialization triggers service crash
Impact
Management Web UI becomes unavailable

Vulnerability AssessmentAI

Exploitation Exploitation requires valid administrator-level credentials for the Fireware Management Web UI, confirmed by both the vulnerability description and the CVSS 4.0 PR:H metric - standard user or lower-privilege accounts are insufficient to reach the vulnerable endpoint. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 6.9 with vector AV:N/PR:H/VA:H accurately reflects a moderate-priority issue with a hard ceiling on real-world impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained WatchGuard administrator credentials through phishing, credential stuffing, or insider access connects remotely to the Fireware Management Web UI and submits a specially crafted malformed serialized payload to the put_data endpoint. The unsafe deserialization routine crashes, taking the management interface offline and preventing administrators from modifying firewall policy or responding to concurrent security incidents. …
Remediation Consult the WatchGuard PSIRT advisory at https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00014 for the specific patched Fireware OS version and upgrade instructions - exact fix version numbers are not independently confirmed from the available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-13368 CRITICAL
9.2 Jul 02

Remote code execution in WatchGuard Fireware OS affects Fireboxes running a Mobile User VPN with IKEv2 that authenticate

CVE-2026-13084 HIGH
8.7 Jul 02

Denial-of-service in WatchGuard Fireware OS lets a remote, unauthenticated attacker crash the IKEv2 VPN service by sendi

CVE-2026-13050 HIGH
8.6 Jul 02

Remote code execution in WatchGuard Fireware OS (the operating system powering Firebox network security appliances) allo

CVE-2026-13384 HIGH
8.6 Jul 02

Authenticated arbitrary code execution in WatchGuard Fireware OS (12.1-12.12 and 2025.1-2026.2) arises from an out-of-bo

CVE-2026-13383 HIGH
8.6 Jul 02

Arbitrary code execution in WatchGuard Fireware OS (the firmware powering Firebox network security appliances) arises fr

CVE-2026-13053 HIGH
8.6 Jul 02

Authenticated command execution in WatchGuard Fireware OS lets a privileged administrator escalate a specially crafted C

CVE-2026-13054 HIGH
8.6 Jul 02

Arbitrary file write in the WatchGuard Fireware OS Management Web UI lets a privileged, authenticated administrator esca

CVE-2026-3987 HIGH
8.6 Apr 01

Remote code execution in WatchGuard Fireware OS versions 12.6.1 through 12.11.8 and 2025.1 through 2026.1.2 allows privi

CVE-2026-13722 HIGH
8.6 Jul 02

Firmware signature validation bypass in WatchGuard Fireware OS lets an authenticated administrator upload a tampered fir

CVE-2026-4266 HIGH
8.4 Mar 30

Insecure deserialization in WatchGuard Fireware OS enables local code execution as the portald user when combined with a

CVE-2026-8247 HIGH
7.7 Jul 02

Remote code execution in WatchGuard Fireware OS (the firmware powering WatchGuard Firebox firewall appliances) allows an

CVE-2026-13079 HIGH
7.3 Jul 02

Local privilege escalation in WatchGuard Mobile VPN with SSL client for Windows (versions up to and including 2026.2) le

Share

CVE-2026-13371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy