PatchSiren cyber security CVE debrief
CVE-2026-13054 WatchGuard CVE debrief
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2. The vulnerability has a high CVSS score of 8.6 and is classified as HIGH severity. Users of affected Fireware OS versions should prioritize patching or mitigating this vulnerability.
- Vendor
- WatchGuard
- Product
- Fireware OS
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-07
Who should care
Users of WatchGuard Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2 should prioritize patching or mitigating this vulnerability. This includes administrators and security teams responsible for managing and securing WatchGuard Firebox devices. The vulnerability has a high CVSS score of 8.6 and is classified as HIGH severity, indicating a significant risk to affected systems.
Technical summary
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2. The vulnerability is caused by inadequate input validation and sanitization in the Management Web UI, allowing attackers to bypass security restrictions and write files to arbitrary locations on the Firebox's filesystem.
Defensive priority
High
Recommended defensive actions
- Inventory and verify affected WatchGuard Fireware OS versions
- Apply vendor patches or updates
- Monitor for suspicious file writes
- Restrict access to Management Web UI
- Implement compensating controls
- Review and update incident response plans
- Conduct vulnerability scanning and penetration testing
Evidence notes
Evidence is limited. Official CVE and NVD records confirm the vulnerability. WatchGuard has published an advisory. The vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2. Defenders should verify the affected scope and apply patches or updates accordingly.
Official resources
-
CVE-2026-13054 CVE record
CVE.org
-
CVE-2026-13054 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
5d1c2695-1a31-4499-88ae-e847036fd7e3
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T00:16:50.497Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.