CVE-2026-13054
WatchGuard · Fireware OS
A path traversal vulnerability in the WatchGuard Fireware OS Management Web UI allows authenticated attackers to write arbitrary files to the Firebox filesystem.
Executive summary
An authenticated path traversal vulnerability in the WatchGuard Fireware OS Management Web UI permits attackers to write arbitrary files to the appliance filesystem, threatening device integrity.
Vulnerability
This path traversal flaw exists within the Management Web UI, allowing an attacker who has already achieved authenticated, privileged access to write files outside of intended directories on the appliance.
Business impact
This vulnerability carries a CVSS score of 8.6, reflecting the high risk to the core security appliance governing network traffic. An attacker could leverage this write capability to modify system binaries or configuration files, effectively bypassing security policies, disabling firewall features, or creating persistent backdoors within the network perimeter.
Remediation
Immediate Action: Apply the latest firmware updates for Fireware OS immediately to resolve the directory traversal flaw.
Proactive Monitoring: Monitor management interface logs for unauthorized file write attempts or anomalous access patterns from administrative accounts.
Compensating Controls: Limit access to the Management Web UI to dedicated administrative workstations or management networks to reduce the attack surface.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security appliances are high-value targets; therefore, any vulnerability affecting the management interface must be addressed with extreme urgency. Organizations should verify that their Firebox firmware is up to date and that administrative access to the Web UI is strictly controlled and audited.