Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-13375— WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration

AI Predicted 8.8 Difficulty: Easy EPSS 0.26% · P17

Affected Version Matrix 3

VendorProductVersion RangeStatus
WatchGuardFireware OS12.4≤ 12.12affected
12.5≤ 12.5.18affected
2025.1≤ 2026.2affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-13375

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WatchGuard Fireware OS 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WatchGuard Fireware OS是美国WatchGuard公司的一款网络防火墙的操作系统。 WatchGuard Fireware OS存在跨站脚本漏洞,该漏洞源于Autotask Technology Integration模块中存在输入中和不当,容易受到存储型跨站脚本攻击。以下版本受到影响:12.4版本至12.12版本、12.5版本至12.5.18版本和2025.1版本至2026.2版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
WatchGuardFireware OS 12.4 ~ 12.12 -

II. Public POCs for CVE-2026-13375

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-13375

登录查看更多情报信息。

Vendor Advisories for CVE-2026-13375 (1)

Same Patch Batch · WatchGuard · 2026-07-02 · 17 CVEs total

CVE-2026-13377WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configurat
CVE-2026-13728WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential
CVE-2026-13722WatchGuard Firebox Firmware Image Validation Bypass in WatchGuard Fireware OS
CVE-2026-13368WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authent
CVE-2026-13383WatchGuard Firebox ikestubd Out of Bounds Write Vulnerability
CVE-2026-13373WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology
CVE-2026-13084Null Pointer Dereference in WatchGuard Fireware OS iked Process
CVE-2026-13053WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Command Handler
CVE-2026-13376WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module
CVE-2026-13050WatchGuard Firebox networkd Out of Bounds Write Vulnerability
CVE-2026-13054WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI
CVE-2026-13384WatchGuard Firebox wgagent Out of Bounds Write Vulnerability
CVE-2026-13371WatchGuard Firebox Management Web UI Denial of Service via Unsafe Deserialization
CVE-2026-13079WatchGuard Mobile VPN with SSL Windows Client Local Privilege Escalation
CVE-2026-13374WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technolo
CVE-2026-8247WatchGuard Firebox admd Out of Bounds Write Vulnerability

IV. Related Vulnerabilities

V. Comments for CVE-2026-13375

No comments yet


Leave a comment