CVE-2026-13371
6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WatchGuard | Fireware OS | 12.0 <= 12.12 | affected |
| WatchGuard | Fireware OS | 12.5 <= 12.5.18 | affected |
| WatchGuard | Fireware OS | 2025.1 <= 2026.2 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.