A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.
This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.
References
| Link | Resource |
|---|---|
| https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
History
10 Jul 2026, 12:58
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:* cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:* cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
| References | () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028 - Vendor Advisory | |
| First Time |
Watchguard firebox M370
Watchguard firebox M4600 Watchguard firebox T185 Watchguard firebox M595 Watchguard firebox M670 Watchguard firebox T145-w Watchguard firebox M270 Watchguard firebox M690 Watchguard firebox M395 Watchguard firebox T15 Watchguard firebox M590 Watchguard firebox M495 Watchguard firebox T40 Watchguard firebox M570 Watchguard firebox M5800 Watchguard firebox T70 Watchguard firebox M5600 Watchguard firebox T80 Watchguard fireware Watchguard firebox M440 Watchguard firebox M695 Watchguard firebox M295 Watchguard fireboxv Watchguard firebox T35 Watchguard firebox T55 Watchguard firebox T115-w Watchguard firebox T25 Watchguard firebox M4800 Watchguard firebox T20 Watchguard firebox T145 Watchguard firebox T45 Watchguard fireboxcloud Watchguard firebox T85 Watchguard firebox M470 Watchguard firebox Nv5 Watchguard firebox M390 Watchguard firebox M290 Watchguard Watchguard firebox T125-w Watchguard firebox T125 |
03 Jul 2026, 00:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-03 00:16
Updated : 2026-07-10 12:58
NVD link : CVE-2026-13054
Mitre link : CVE-2026-13054
CVE.ORG link : CVE-2026-13054
JSON object : View
Products Affected
watchguard
- firebox_m5800
- firebox_t145
- firebox_t85
- firebox_m670
- firebox_m390
- firebox_t45
- firebox_nv5
- firebox_m595
- firebox_m470
- firebox_m395
- firebox_t125-w
- firebox_m295
- firebox_t40
- firebox_m590
- firebox_t15
- firebox_t80
- firebox_t115-w
- fireboxcloud
- firebox_t145-w
- firebox_t35
- fireboxv
- firebox_m4800
- firebox_t125
- firebox_t20
- firebox_m440
- firebox_m5600
- firebox_t55
- firebox_m690
- firebox_m270
- firebox_t185
- firebox_m495
- firebox_m695
- firebox_m370
- fireware
- firebox_m570
- firebox_m4600
- firebox_m290
- firebox_t25
- firebox_t70
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
