CVE-2026-13728

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*

History

09 Jul 2026, 19:45

Type Values Removed Values Added
CPE cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
References () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00025 - () https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00025 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.4
First Time Watchguard firebox M370
Watchguard firebox M4600
Watchguard firebox T185
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox T145-w
Watchguard firebox M270
Watchguard firebox M690
Watchguard firebox M395
Watchguard firebox M590
Watchguard firebox M495
Watchguard firebox T40
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox T70
Watchguard firebox M5600
Watchguard firebox T80
Watchguard fireware
Watchguard firebox M440
Watchguard firebox M695
Watchguard firebox M295
Watchguard fireboxv
Watchguard firebox T55
Watchguard firebox T115-w
Watchguard firebox T25
Watchguard firebox M4800
Watchguard firebox T20
Watchguard firebox T145
Watchguard firebox T45
Watchguard fireboxcloud
Watchguard firebox T85
Watchguard firebox M470
Watchguard firebox Nv5
Watchguard firebox M390
Watchguard firebox M290
Watchguard
Watchguard firebox T125-w
Watchguard firebox T125

03 Jul 2026, 00:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-03 00:16

Updated : 2026-07-09 19:45


NVD link : CVE-2026-13728

Mitre link : CVE-2026-13728

CVE.ORG link : CVE-2026-13728


JSON object : View

Products Affected

watchguard

  • firebox_m5800
  • firebox_t145
  • firebox_t85
  • firebox_m670
  • firebox_m390
  • firebox_t45
  • firebox_nv5
  • firebox_m595
  • firebox_m470
  • firebox_m395
  • firebox_t125-w
  • firebox_m295
  • firebox_t40
  • firebox_m590
  • firebox_t80
  • firebox_t115-w
  • fireboxcloud
  • firebox_t145-w
  • fireboxv
  • firebox_m4800
  • firebox_t125
  • firebox_t20
  • firebox_m440
  • firebox_m5600
  • firebox_t55
  • firebox_m690
  • firebox_m270
  • firebox_t185
  • firebox_m495
  • firebox_m695
  • firebox_m370
  • fireware
  • firebox_m570
  • firebox_m4600
  • firebox_m290
  • firebox_t25
  • firebox_t70
CWE
CWE-798

Use of Hard-coded Credentials