Cross-site Scripting Vulnerability in WatchGuard Fireware OS
CVE-2026-13373

4.8MEDIUM

Key Information:

Vendor

Watchguard

Vendor
CVE Published:
2 July 2026

What is CVE-2026-13373?

A stored Cross-site Scripting (XSS) vulnerability exists in WatchGuard Fireware OS, specifically within the Tigerpaw Technology Integration module. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users, potentially compromising their data and security. This flaw presents an additional attack vector that remains unaddressed from previous vulnerabilities, enabling further exploitation within affected systems. Users of Fireware OS versions from 12.4 to 12.12, as well as certain builds of versions 12.5 and 2025.1 to 2026.2, are encouraged to review protective measures urgently.

Affected Version(s)

Fireware OS 12.4 <= 12.12

Fireware OS 12.5 <= 12.5.18

Fireware OS 2025.1 <= 2026.2

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)
.