Back to overview

CVE-2026-13728

MEDIUM
5.9
CVSS 4.0
Description
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.

Metadata

CVE ID
CVE-2026-13728
State
PUBLISHED
Assigner
WatchGuard
Reserved
2026-06-29 14:36 UTC
Published
2026-07-02 23:07 UTC
Last updated
2026-07-02 23:07 UTC
Primary CWE
CWE-798
CWE-798 Use of Hard-coded Credentials
Vendor / Product
WatchGuard / Fireware OS
Sources
cve.org  ·  NVD

Severity & Metrics

5.9 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Affected products (1)
VendorProductPlatformVersions
WatchGuard Fireware OS 12.1 ≤ 12.12, 2025.1 ≤ 2026.2
Weakness (CWE)
CWESourceDescription
CWE-798 cna CWE-798 Use of Hard-coded Credentials
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Back to overview