CVE Catalog

CVE-2026-13728

MediumCVSS 5.9
Published: Translated: NVD NIST

Summary

Under exceptional circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS versions 12.1 up to 12.12 and 2025.1 up to 2026.2.

Risk Assessment

The risk is that an attacker who gains access to configuration files could decrypt the credentials, potentially leading to unauthorized access to protected network resources.

Recommendation

It is recommended to immediately update Fireware OS to a patched version and, if possible, temporarily disable the Access Portal feature on FireClusters until the patch is applied.

Original NVD description (English source)

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS