Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3234 articles · 170323 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-13054EXPLOITEDPATCHED
watchguard · fireware os

WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI

Description

A vulnerability marked as critical has been reported in WatchGuard Fireware OS up to 11.12.4+541730/12.5.18/12.12/2026.2. Affected is an unknown function. Performing a manipulation results in path traversal. This vulnerability was named CVE-2026-13054. The attack may be initiated remotely.

Affected Products

VendorProductVersions
watchguardfireware os11.0, 12.0, 12.5, 2025.1, 11.12.4+541730, 12.5.18

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
watchguardfireboxcert_advisory90%

References

  • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028(vendor-advisory)

Related News (2 articles)

Tier B
BSI Advisories5h ago
[NEU] [hoch] WatchGuard Firebox: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB11h ago
CVE-2026-13054 | WatchGuard Fireware OS up to 11.12.4+541730/12.5.18/12.12/2026.2 path traversal (wgsa-2026-00028)
→ No new info (linked only)
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028
CWECWE-22
PublishedJul 2, 2026
Last enriched11h agov2
Trending Score60
Source articles2
Independent2
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-13722EXP
WatchGuard Firebox Firmware Image Validation Bypass in WatchGuard Fireware OS
Trending: 60
CRITICALCVE-2026-13384EXP
WatchGuard Firebox wgagent Out of Bounds Write Vulnerability
Trending: 60
CRITICALCVE-2026-13383EXP
WatchGuard Firebox ikestubd Out of Bounds Write Vulnerability
Trending: 60
CRITICALCVE-2026-13050EXP
WatchGuard Firebox networkd Out of Bounds Write Vulnerability
Trending: 60
CRITICALCVE-2026-13053EXP
WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Command Handler
Trending: 60

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 2, 2026
Actively Exploited
Jul 2, 2026
Patch Available
Jul 2, 2026
Discovered by ZDM
Jul 2, 2026
Updated: description, severity, affectedVersions, activelyExploited
Jul 3, 2026

Version History

v2
Last enriched 11h ago
v2Tier C11h ago

Updated severity to CRITICAL, added affected versions 11.12.4+541730 and 12.5.18, and noted that the vulnerability is actively exploited.

descriptionseverityaffectedVersionsactivelyExploited
via VulDB
v116h ago

Initial creation