Description
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.

This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Published: 2026-03-03
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authenticated Cross‑Site Scripting in Fireware OS Web UI
Action: Apply Patch
AI Analysis

Impact

This reflected cross‑site scripting flaw permits an attacker to inject malicious JavaScript into a crafted link that, when clicked by an authenticated management user, runs in the user’s browser. The weakness, identified as CWE‑79, allows code execution in the context of the privileged user interface, potentially exposing sensitive configuration data or enabling further attacks.

Affected Systems

The flaw affects WatchGuard Fireware OS versions 12.7 through 12.11.7 and 2025.1 through 2026.1.1 on a wide range of Firebox devices, including the M270, M290, M295, M370, M390, M395, M440, M4600, M470, M4800, M495, M5600, M570, M5800, M590, M595, M670, M690, M695, NV5, T115‑W, T125‑W, T125, T145‑W, T145, T185, T20, T25, T40, T45, T55, T70, T80, T85, Fireboxcloud, and Fireboxv.

Risk and Exploitability

With a CVSS score of 5.1 and an EPSS value below 1%, the vulnerability presents moderate severity but a low estimated likelihood of exploitation. The flaw requires the attacker to craft a link and persuade a legitimate management user to click it, implying reliance on social engineering or insider assistance. Because it is not listed in CISA’s KEV catalog, there have been no confirmed large‑scale exploitations to date.

Generated by OpenCVE AI on April 18, 2026 at 10:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WatchGuard Fireware OS to a release that includes the XSS fix (any rebuild after 12.11.7 or 2026.1.1).
  • Restrict web UI access to trusted internal hosts or VPN endpoints to reduce the attack surface.
  • Deploy a web application firewall or configure a Content Security Policy to block reflected XSS payloads on the UI.

Generated by OpenCVE AI on April 18, 2026 at 10:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Watchguard firebox M270
Watchguard firebox M290
Watchguard firebox M295
Watchguard firebox M370
Watchguard firebox M390
Watchguard firebox M395
Watchguard firebox M440
Watchguard firebox M4600
Watchguard firebox M470
Watchguard firebox M4800
Watchguard firebox M495
Watchguard firebox M5600
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox M590
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox M690
Watchguard firebox M695
Watchguard firebox Nv5
Watchguard firebox T115-w
Watchguard firebox T125
Watchguard firebox T125-w
Watchguard firebox T145
Watchguard firebox T145-w
Watchguard firebox T185
Watchguard firebox T20
Watchguard firebox T25
Watchguard firebox T40
Watchguard firebox T45
Watchguard firebox T55
Watchguard firebox T70
Watchguard firebox T80
Watchguard firebox T85
Watchguard fireboxcloud
Watchguard fireboxv
Watchguard fireware
CPEs cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*
cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*
cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*
Vendors & Products Watchguard firebox M270
Watchguard firebox M290
Watchguard firebox M295
Watchguard firebox M370
Watchguard firebox M390
Watchguard firebox M395
Watchguard firebox M440
Watchguard firebox M4600
Watchguard firebox M470
Watchguard firebox M4800
Watchguard firebox M495
Watchguard firebox M5600
Watchguard firebox M570
Watchguard firebox M5800
Watchguard firebox M590
Watchguard firebox M595
Watchguard firebox M670
Watchguard firebox M690
Watchguard firebox M695
Watchguard firebox Nv5
Watchguard firebox T115-w
Watchguard firebox T125
Watchguard firebox T125-w
Watchguard firebox T145
Watchguard firebox T145-w
Watchguard firebox T185
Watchguard firebox T20
Watchguard firebox T25
Watchguard firebox T40
Watchguard firebox T45
Watchguard firebox T55
Watchguard firebox T70
Watchguard firebox T80
Watchguard firebox T85
Watchguard fireboxcloud
Watchguard fireboxv
Watchguard fireware
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Wed, 04 Mar 2026 16:30:00 +0000

Type Values Removed Values Added
References

Wed, 04 Mar 2026 15:45:00 +0000

Type Values Removed Values Added
References

Tue, 03 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 03 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Title WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI
First Time appeared Watchguard
Watchguard fireware Os
Weaknesses CWE-79
CPEs cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.7
cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1
Vendors & Products Watchguard
Watchguard fireware Os
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Watchguard Firebox M270 Firebox M290 Firebox M295 Firebox M370 Firebox M390 Firebox M395 Firebox M440 Firebox M4600 Firebox M470 Firebox M4800 Firebox M495 Firebox M5600 Firebox M570 Firebox M5800 Firebox M590 Firebox M595 Firebox M670 Firebox M690 Firebox M695 Firebox Nv5 Firebox T115-w Firebox T125 Firebox T125-w Firebox T145 Firebox T145-w Firebox T185 Firebox T20 Firebox T25 Firebox T40 Firebox T45 Firebox T55 Firebox T70 Firebox T80 Firebox T85 Fireboxcloud Fireboxv Fireware Fireware Os
cve-icon MITRE

Status: PUBLISHED

Assigner: WatchGuard

Published:

Updated: 2026-03-04T15:22:22.283Z

Reserved: 2026-02-27T15:37:10.115Z

Link: CVE-2026-3343

cve-icon Vulnrichment

Updated: 2026-03-03T14:45:31.213Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T14:15:57.687

Modified: 2026-03-04T19:34:56.143

Link: CVE-2026-3343

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses