CSRF Vulnerability in WatchGuard Fireware OS WebUI Affects Multiple Versions
CVE-2026-4315

7.1HIGH

Key Information:

Vendor: Watchguard
Status: Fireware Os
Vendor: CVE Published:; 30 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-4315?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WatchGuard Fireware OS WebUI, potentially allowing a remote attacker to instigate a denial-of-service (DoS) condition. This occurs when an authenticated administrator is tricked into visiting a malicious web page, which can disrupt the Fireware WebUI's functionality. The vulnerability affects specific versions of Fireware OS, ranging from 11.8 through 11.12.4+541730, 12.0 through 12.11.8, to 2025.1 through 2026.1.2, making it imperative for users to apply necessary patches and updates.

Affected Version(s)

Fireware OS 11.8 <= 11.12.4+541730

Fireware OS 12.0 <= 12.11.8

Fireware OS 12.5 <= 12.5.17

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-...

vendor-advisory

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 30, 2026
Vulnerability published
Mar 30, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)

CVE-2026-4315 Data

JSON

Watchguard

Badges

What is CVE-2026-4315?

Affected Version(s)

References

CVSS V4

Timeline

Credit