{"api_version":"1","generated_at":"2026-07-13T13:03:00+00:00","cve":"CVE-2026-13054","urls":{"html":"https://cve.report/CVE-2026-13054","api":"https://cve.report/api/cve/CVE-2026-13054.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-13054","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-13054"},"summary":{"title":"WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI","description":"A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.\n\n\n\n\nThis vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.","state":"PUBLISHED","assigner":"WatchGuard","published_at":"2026-07-03 00:16:50","updated_at":"2026-07-10 12:58:52"},"problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"4.0","source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","score":"8.6","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"8.6","severity":"HIGH","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028","name":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028","refsource":"5d1c2695-1a31-4499-88ae-e847036fd7e3","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-13054","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-13054","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"WatchGuard","product":"Fireware OS","version":"affected 11.0 11.12.4+541730 semver","platforms":[]},{"source":"CNA","vendor":"WatchGuard","product":"Fireware OS","version":"affected 12.0 12.12 semver","platforms":[]},{"source":"CNA","vendor":"WatchGuard","product":"Fireware OS","version":"affected 12.5 12.5.18 semver","platforms":[]},{"source":"CNA","vendor":"WatchGuard","product":"Fireware OS","version":"affected 2025.1 2026.2 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Nicholas Zubrisky (@NZubrisky) of TrendAI Research","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"fireboxcloud","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"fireboxv","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m270","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m290","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m370","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m390","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m440","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m4600","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m470","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m4800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m5600","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m570","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m5800","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m590","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m670","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_m690","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_nv5","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t20","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t25","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t40","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t45","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t55","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t70","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t80","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"watchguard","cpe5":"firebox_t85","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"13054","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"watchguard","cpe5":"fireware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"13054","cve":"CVE-2026-13054","epss":"0.003890000","percentile":"0.309180000","score_date":"2026-07-08","updated_at":"2026-07-09 00:13:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-13054","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-07-06T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-07T03:56:23.074Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Fireware OS","vendor":"WatchGuard","versions":[{"lessThanOrEqual":"11.12.4+541730","status":"affected","version":"11.0","versionType":"semver"},{"lessThanOrEqual":"12.12","status":"affected","version":"12.0","versionType":"semver"},{"lessThanOrEqual":"12.5.18","status":"affected","version":"12.5","versionType":"semver"},{"lessThanOrEqual":"2026.2","status":"affected","version":"2025.1","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.0","versionEndIncluding":"11.12.4+541730","versionStartIncluding":"11.0","vulnerable":true},{"criteria":"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0","versionEndIncluding":"12.12","versionStartIncluding":"12.0","vulnerable":true},{"criteria":"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5","versionEndIncluding":"12.5.18","versionStartIncluding":"12.5","vulnerable":true},{"criteria":"cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1","versionEndIncluding":"2026.2","versionStartIncluding":"2025.1","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Nicholas Zubrisky (@NZubrisky) of TrendAI Research"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.</div><div><br></div><div>This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.</div>"}],"value":"A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.\n\n\n\n\nThis vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2."}],"impacts":[{"capecId":"CAPEC-139","descriptions":[{"lang":"en","value":"CAPEC-139 Relative Path Traversal"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-02T23:07:57.548Z","orgId":"5d1c2695-1a31-4499-88ae-e847036fd7e3","shortName":"WatchGuard"},"references":[{"tags":["vendor-advisory"],"url":"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00028"}],"source":{"advisory":"WGSA-2026-00028","defect":["FBX-33176"],"discovery":"EXTERNAL"},"title":"WatchGuard Firebox Arbitrary File Write via Path Traversal in Management Web UI","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"5d1c2695-1a31-4499-88ae-e847036fd7e3","assignerShortName":"WatchGuard","cveId":"CVE-2026-13054","datePublished":"2026-07-02T23:07:57.548Z","dateReserved":"2026-06-23T17:55:06.157Z","dateUpdated":"2026-07-07T03:56:23.074Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-03 00:16:50","lastModifiedDate":"2026-07-10 12:58:52","problem_types":["CWE-22","CWE-22 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV40":[{"source":"5d1c2695-1a31-4499-88ae-e847036fd7e3","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-06T00:00:00+00:00","id":"CVE-2026-13054","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"12.12.1","matchCriteriaId":"53C5AE66-0DEF-46C5-BE3A-B07CC62348FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*","matchCriteriaId":"E472917E-D6E1-4C2D-B37D-E76FCC7307CA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*","matchCriteriaId":"9A8C7779-4466-4A9E-B191-929E7746DFF7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*","matchCriteriaId":"6CE9A123-B769-4E56-845E-DC3DA6166C78"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*","matchCriteriaId":"180FAE8C-2E73-4C09-AA11-0C82A7715FA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*","matchCriteriaId":"309DBEF2-1D92-4641-827F-D99758B5FFA3"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*","matchCriteriaId":"D1E8CFC5-51FE-4D75-845F-D70C30AF11B0"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*","matchCriteriaId":"BBFBA966-E052-4350-9544-3B5D484DBB6B"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*","matchCriteriaId":"EF1E586D-0E88-447A-95E8-5203EF869ADB"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*","matchCriteriaId":"1BC087C4-CB10-46D4-A746-0C462354410C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*","matchCriteriaId":"59389EA2-3067-4AF8-AEC5-FE79E269C170"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*","matchCriteriaId":"445FA7CD-D0AE-4176-9AE5-293B918DE654"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*","matchCriteriaId":"1B4A7366-0304-431E-B3E4-719BA575CEAC"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*","matchCriteriaId":"E8512B4A-5269-4067-B9C6-475A4E8AD313"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*","matchCriteriaId":"179C6166-87E1-44F8-B727-CDDE40C673D9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*","matchCriteriaId":"584107CC-6136-4AA1-AE68-73B93BDDB5B6"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*","matchCriteriaId":"9295217E-C1A0-4A69-A0F0-C44814BB376C"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*","matchCriteriaId":"7DC49246-2166-4681-8D67-4C0940884872"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*","matchCriteriaId":"CC853916-8BDC-4F7C-BA53-D6AB490A9444"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*","matchCriteriaId":"D3562304-0317-4A3C-B622-D5CE01CC97F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*","matchCriteriaId":"327BA50A-366A-4367-93B8-328EC0136FA7"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*","matchCriteriaId":"D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*","matchCriteriaId":"3552F3BB-8021-4E87-987D-870699A7E619"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*","matchCriteriaId":"158560A0-D694-41AF-A5F8-0F6FB3EFB8FA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*","matchCriteriaId":"4ECAE1D7-9868-4730-B645-44CB1B6FDE96"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"2025.1","versionEndExcluding":"2026.2.1","matchCriteriaId":"51B8E788-8FAF-4681-9750-488B2691F473"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*","matchCriteriaId":"615FF2CF-69DA-4890-9236-52D8D6FA0E71"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*","matchCriteriaId":"A3439409-2FD6-447B-91CF-17D1C09E2A79"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*","matchCriteriaId":"C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*","matchCriteriaId":"575CC5EE-0278-489B-AA95-5EC5058D6FB9"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*","matchCriteriaId":"5597F672-3C72-4BCF-AD3F-F16B6913EC2F"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*","matchCriteriaId":"E8AAE66B-DD19-4C90-8DFC-F77BA1541642"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*","matchCriteriaId":"7FC18430-C6B4-4395-BFF1-83BB005875BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*","matchCriteriaId":"1A7C1C91-8B6E-4FB0-841E-7F88B06B1435"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*","matchCriteriaId":"8FE309D6-BD5E-4D18-91C3-A492C3576115"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*","matchCriteriaId":"75959D39-0960-4836-96C7-DB8048DDE4B8"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*","matchCriteriaId":"D0087049-27C6-4B18-A645-72A8F63D7C6D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndIncluding":"12.5.18","matchCriteriaId":"33948F6A-CD9A-48D6-9A8F-F288242641EE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t15:-:*:*:*:*:*:*:*","matchCriteriaId":"626220F8-7F0C-4DD8-8001-12EA0A777A0D"},{"vulnerable":false,"criteria":"cpe:2.3:h:watchguard:firebox_t35:-:*:*:*:*:*:*:*","matchCriteriaId":"E561A57F-91A5-4B3C-9F7D-62E9AB5163A7"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"13054","Ordinal":"1","Title":"WatchGuard Firebox Arbitrary File Write via Path Traversal in Ma","CVE":"CVE-2026-13054","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"13054","Ordinal":"1","NoteData":"A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows a privileged authenticated attacker to write arbitrary files on the Firebox's filesystem.\n\n\n\n\nThis vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2026.2.","Type":"Description","Title":"WatchGuard Firebox Arbitrary File Write via Path Traversal in Ma"}]}}}