securityonline.info 7/3/2026, 2:41:21 AM · external

WatchGuard patches critical Firebox RCE flaw CVE-2026-13368

CyberSIXT Evidence Panel
Primary source: watchguard.com
CISA KEV: Not in KEV
Patch: Patch Status Unknown

WatchGuard has issued patches for seven critical vulnerabilities in its Firebox appliances. The most severe, CVE-2026-13368, allows unauthenticated remote code execution (RCE) and has a CVSS score of 9.2. Because no credentials are required for exploitation, this flaw can expose the entire network perimeter. The other six vulnerabilities require authentication but also enable potential code execution and file tampering.

Affected versions include Fireware OS 11.0 through 11.12.4_Update1 and other later versions; the guidance is to update to version 2026.2.1 or 12.12.1. Administrators are advised to restrict access to the Management Web UI and to prioritize the critical vulnerabilities to prevent potential attacks.


Article by CyberSIXT