CVE-2026-13374

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13937. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*

History

09 Jul 2026, 20:17

Type Values Removed Values Added
First Time Watchguard firebox M370
Watchguard firebox M4600
Watchguard firebox T185
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox T145-w
Watchguard firebox M270
Watchguard firebox M690
Watchguard firebox M395
Watchguard firebox T15
Watchguard firebox M590
Watchguard firebox M495
Watchguard firebox T40
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox T70
Watchguard firebox M5600
Watchguard firebox T80
Watchguard fireware
Watchguard firebox M440
Watchguard firebox M695
Watchguard firebox M295
Watchguard fireboxv
Watchguard firebox T35
Watchguard firebox T55
Watchguard firebox T115-w
Watchguard firebox T25
Watchguard firebox M4800
Watchguard firebox T20
Watchguard firebox T145
Watchguard firebox T45
Watchguard fireboxcloud
Watchguard firebox T85
Watchguard firebox M470
Watchguard firebox Nv5
Watchguard firebox M390
Watchguard firebox M290
Watchguard
Watchguard firebox T125-w
Watchguard firebox T125
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
References () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00016 - () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00016 - Vendor Advisory

03 Jul 2026, 15:16

Type Values Removed Values Added
References
  • {'url': 'https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00015', 'source': '5d1c2695-1a31-4499-88ae-e847036fd7e3'}
  • () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00016 -

03 Jul 2026, 00:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 00:16

Updated : 2026-07-09 20:17


NVD link : CVE-2026-13374

Mitre link : CVE-2026-13374

CVE.ORG link : CVE-2026-13374


JSON object : View

Products Affected

watchguard

  • firebox_m5800
  • firebox_t145
  • firebox_t85
  • firebox_m670
  • firebox_m390
  • firebox_t45
  • firebox_nv5
  • firebox_m595
  • firebox_m470
  • firebox_m395
  • firebox_t125-w
  • firebox_m295
  • firebox_t40
  • firebox_m590
  • firebox_t15
  • firebox_t80
  • firebox_t115-w
  • fireboxcloud
  • firebox_t145-w
  • firebox_t35
  • fireboxv
  • firebox_m4800
  • firebox_t125
  • firebox_t20
  • firebox_m440
  • firebox_m5600
  • firebox_t55
  • firebox_m690
  • firebox_m270
  • firebox_t185
  • firebox_m495
  • firebox_m695
  • firebox_m370
  • fireware
  • firebox_m570
  • firebox_m4600
  • firebox_m290
  • firebox_t25
  • firebox_t70
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')