[NEW] [high] WatchGuard Firebox: Multiple vulnerabilities
A remote, anonymous attacker can exploit multiple vulnerabilities in WatchGuard Firebox to execute arbitrary code, cause a denial of service, manipulate or disclose data, and perform cross-site scripting attacks.
CSIRTS triage
- What
- Multiple vulnerabilities can be exploited by a remote, anonymous attacker to execute arbitrary code, cause denial of service, manipulate or disclose data, and perform cross-site scripting attacks.
- Who is affected
- Deployments of WatchGuard Firebox are affected.
- Urgency
- Remediation is critical due to the high risk of remote exploitation.
- Action
- Update WatchGuard Firebox to the latest version.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Firebox
Get an email when a new Firebox advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2193
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-130500.44% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 35% of all scored CVEs.
- Low exploitation riskCVE-2026-130530.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-130540.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-130790.11% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 1% of all scored CVEs.
- Low exploitation riskCVE-2026-130840.50% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 39% of all scored CVEs.
- Low exploitation riskCVE-2026-133680.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
- Low exploitation riskCVE-2026-133710.31% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 23% of all scored CVEs.
- Low exploitation riskCVE-2026-133730.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2026-133740.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
- Low exploitation riskCVE-2026-133750.16% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 5% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-13050 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13053 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13054 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13079 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13084 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13368 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13371 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13373 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13374 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13375 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13376 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13377 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13383 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13384 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13722 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-13728 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-8247 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownCVE-2026-8247: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an unauthenticated att…nvd
- mediumCVE-2026-13728: In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encry…nvd
- unknownCVE-2026-13722: WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image vi…nvd
- highCVE-2026-13384: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process could allow an …nvd
- highCVE-2026-13383: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an…nvd
- mediumCVE-2026-13377: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vu…nvd
- mediumCVE-2026-13376: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vu…nvd
- mediumCVE-2026-13375: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vu…nvd
- mediumCVE-2026-13374: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vu…nvd
- mediumCVE-2026-13373: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vu…nvd
- unknownCVE-2026-13371: An authenticated administrator can trigger a denial-of-service condition in the Fireware Manag…nvd
- unknownCVE-2026-13368: WatchGuard Fireware OS contains a race condition leading to a use-after-free vulnerability in …nvd
Recent advisories for WatchGuard Firebox
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- unknownCVE-2026-13054: A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privil…nvd · 2026-07-03
- criticalexploitedCVE-2025-14733: WatchGuard Firebox Out of Bounds Write Vulnerabilitycisa-kev · 2025-12-19
- criticalexploitedCVE-2025-9242: WatchGuard Firebox Out-of-Bounds Write Vulnerabilitycisa-kev · 2025-11-12
- criticalexploitedCVE-2022-23176: WatchGuard Firebox and XTM Privilege Escalation Vulnerabilitycisa-kev · 2022-04-11
- criticalexploitedCVE-2022-26318: WatchGuard Firebox and XTM Appliances Arbitrary Code Executioncisa-kev · 2022-03-25
More from CERT-Bund (BSI) Security Advisories
- medium[NEW] [medium] DENX U-Boot: Multiple vulnerabilities allow execution of arbitrary code and DoS2026-07-10
- medium[NEW] [medium] Samsung Android: Multiple vulnerabilities2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow unspecified attack2026-07-10
- medium[UPDATE] [medium] Linux Kernel: Multiple vulnerabilities allow denial of service2026-07-10