CVE-2026-13054

Summary

A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.

This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.

Affected Software

VendorProductVersion RangeStatus
WatchGuardFireware OS11.0 <= 11.12.4+541730affected
WatchGuardFireware OS12.0 <= 12.12affected
WatchGuardFireware OS12.5 <= 12.5.18affected
WatchGuardFireware OS2025.1 <= 2026.2affected

Weaknesses

  • CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References