Hard-Coded Encryption Key Vulnerability in WatchGuard Fireware OS
CVE-2026-13728
5.9MEDIUM
What is CVE-2026-13728?
The vulnerability in WatchGuard Fireware OS arises under specific conditions where a hard-coded encryption key is utilized to encrypt saved credentials for Access Portal resources. This affects a range of versions from 12.1 to 12.12 and from 2025.1 to 2026.2, posing a potential risk to sensitive credential management. However, devices that do not feature the Access Portal capability or standalone Fireboxes not part of a FireCluster remain unaffected.
Affected Version(s)
Fireware OS 12.1 <= 12.12
Fireware OS 2025.1 <= 2026.2
