Firmware Validation Bypass in WatchGuard Fireware OS
CVE-2026-13722

8.6HIGH

Key Information:

Vendor

Watchguard

Vendor
CVE Published:
2 July 2026

What is CVE-2026-13722?

WatchGuard Fireware OS contains a vulnerability that allows a firmware validation bypass during the backup and restore process. This flaw can be exploited by an authenticated administrator, enabling the installation of a tampered firmware image, potentially compromising system integrity. The affected versions include Fireware OS 11.0 to 11.12.4_Update1, 12.0 to 12.12, and 2025.1 to 2025.6.2. For more detailed information, refer to the vendor advisory.

Affected Version(s)

Fireware OS 11 11.0 <= 11.12.4+541730

Fireware OS 11 12.0 <= 12.12

Fireware OS 11 12.5 <= 12.5.18

References

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.