WatchGuard has identified and addressed three critical vulnerabilities in its Firebox firewall appliances running Fireware OS. These flaws, designated as CVE-2026-13053, CVE-2026-13050, and CVE-2026-13054, each carry a CVSS v4.0 score of 8.6, indicating high severity. Exploitation of these vulnerabilities could enable authenticated attackers to execute arbitrary code and gain full control over affected devices.
Details of the Vulnerabilities
CVE-2026-13053 involves an out-of-bounds write in the Fireware OS command-line interface (CLI) command handler. A privileged, authenticated user can exploit this flaw by issuing a specially crafted CLI command, leading to arbitrary code execution.
CVE-2026-13050 pertains to an out-of-bounds write in the networkd process. This vulnerability can be exploited through crafted requests to the Management Web UI, allowing a privileged administrator to execute arbitrary code.
CVE-2026-13054 is a path traversal vulnerability in the Management Web UI. An authenticated attacker can exploit this flaw to write arbitrary files anywhere on the Firebox filesystem. By modifying startup scripts, binaries, or configuration files, the attacker can achieve code execution.
Affected Versions and Remediation
These vulnerabilities affect a broad range of Fireware OS versions across hardware, virtual, and cloud Firebox deployments. Specifically, versions 11.0 through 11.12.4_Update1, 12.0 through 12.12, 12.5 through 12.5.18, and 2025.1 through 2026.2 are impacted. Notably, legacy 11.x releases are end-of-life and will not receive fixes, necessitating an upgrade to supported versions.
WatchGuard has released Fireware OS versions 2026.2.1 and 12.12.1 to address these vulnerabilities. Customers on version 2025.1 should upgrade to 2026.2.1, while those on 12.x should move to at least 12.12.1. For deployments on 11.x versions, a migration path is required due to their end-of-life status.
Currently, there are no workarounds for these issues; therefore, applying the provided patches is essential. As a temporary measure, organizations should restrict management access to trusted networks and monitor administrative activities closely until the upgrades are completed.
These vulnerabilities underscore the critical importance of maintaining up-to-date firmware and implementing robust access controls. Organizations should prioritize patching to mitigate potential exploitation risks and ensure the security of their network infrastructure.