CVE-2026-13371
MediumCVSS 6.9Summary
A vulnerability in the Fireware Management Web UI allows an authenticated administrator to trigger a denial-of-service (DoS) condition by sending crafted data to the put_data endpoint, which performs unsafe deserialization of attacker-supplied input.
Risk Assessment
An attacker with admin privileges can disrupt the Fireware management interface, leading to unavailability of management services and potential network downtime.
Recommendation
Immediately update Fireware to the latest patched version and restrict access to the management interface to trusted IP addresses only.
Original NVD description (English source)
An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

