Reflected XSS Vulnerability in Fireware OS by WatchGuard
CVE-2026-3343

5.1MEDIUM

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 3 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-3343?

A reflected cross-site scripting (XSS) vulnerability exists in the Fireware OS Web UI, allowing attackers to execute malicious JavaScript code in the browser of an authenticated management user. This occurs when the user interacts with specially constructed links, potentially exposing sensitive information or allowing further exploitation of the user's session.

Affected Version(s)

Fireware OS 12.7 <= 12.11.7

Fireware OS 2025.1 <= 2026.1.1

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-...

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 3, 2026
Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Feb 27, 2026

Credit

btaol

CVE-2026-3343 Data

JSON

Watchguard