PatchSiren cyber security CVE debrief
CVE-2026-13384 WatchGuard CVE debrief
CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent process. An authenticated privileged user could execute arbitrary code via specially crafted requests to the Management Web UI. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. The vulnerability has a CVSS score of 8.6, indicating high severity. Users of affected versions should assess and apply patches or mitigations.
- Vendor
- WatchGuard
- Product
- Fireware OS
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-03
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-03
- Advisory updated
- 2026-07-07
Who should care
Users of WatchGuard Fireware OS, particularly those with versions 12.1 through 12.12 and 2025.1 through 2026.2, should assess and potentially apply patches or mitigations. System administrators and security teams responsible for managing WatchGuard Fireware OS deployments should prioritize this vulnerability due to its high severity and potential for code execution.
Technical summary
The CVE-2026-13384 vulnerability is an Out-of-bounds Write issue within the wgagent process of WatchGuard Fireware OS. This could allow an authenticated privileged user to execute arbitrary code by sending specially crafted requests to the Management Web UI. The vulnerability impacts Fireware OS versions 12.1 through 12.12 and 2025.1 through 2026.2. It has a CVSS score of 8.6, indicating high severity. Users should review WatchGuard's official advisory for specific guidance on affected versions and patches.
Defensive priority
High priority due to the potential for code execution by authenticated users and the high CVSS score of 8.6.
Recommended defensive actions
- Apply patches or updates provided by WatchGuard for Fireware OS versions 12.1 through 12.12 and 2025.1 through 2026.2.
- Restrict access to the Management Web UI to minimize the risk of exploitation.
- Monitor systems for unusual activity indicative of potential exploitation.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
Evidence from the NVD and CVE records indicates a high severity vulnerability with a CVSS score of 8.6. The vulnerability is awaiting analysis but has been publicly disclosed. WatchGuard Fireware OS versions 12.1 through 12.12 and 2025.1 through 2026.2 are affected. Users should verify their system configurations and review WatchGuard's official advisory for specific guidance. Defensive measures should include monitoring for unusual activity indicative of potential exploitation and restricting access to the Management Web UI.
Official resources
-
CVE-2026-13384 CVE record
CVE.org
-
CVE-2026-13384 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
5d1c2695-1a31-4499-88ae-e847036fd7e3
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-03T00:16:51.893Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.