Stored XSS Vulnerability in WatchGuard Fireware OS SpamBlocker Module
CVE-2026-13376
4.8 MEDIUM
What is CVE-2026-13376?
A vulnerability in the spamBlocker module of WatchGuard Fireware OS allows stored XSS attacks because input is improperly neutralized during web page generation. This flaw provides an additional attack vector that may be exploited in conjunction with a previously identified vulnerability, increasing the risk of unauthorized information exposure and manipulation. The affected versions are Fireware OS 12.0 through 12.12, 12.5 up to and including 12.5.18, and 2025.1 through 2026.2.
Affected Version(s)
Fireware OS 12.0 <= 12.12
Fireware OS 12.5 <= 12.5.18
Fireware OS 2025.1 <= 2026.2
References
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)
