CVE-2026-13722
Received Received - Intake

Firmware Validation Bypass in WatchGuard Fireware OS

Vulnerability report for CVE-2026-13722, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-03

Last updated on: 2026-07-03

Assigner: WatchGuard Technologies, Inc.

Description

WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2025.6.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-03
Last Modified
2026-07-03
Generated
2026-07-03
AI Q&A
2026-07-03
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
watchguard fireware_os From 11.0 (inc) to 11.12.4_Update1 (inc)
watchguard fireware_os From 12.0 (inc) to 12.12 (inc)
watchguard fireware_os From 12.5 (inc) to 12.5.18 (inc)
watchguard fireware_os From 2025.1 (inc) to 2026.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-347 The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in WatchGuard Fireware OS allows an authenticated administrator to bypass the firmware validation process when handling a backup image through the backup/restore feature.

By exploiting this flaw, the attacker can install a tampered or malicious firmware image on the device.

It affects multiple versions of Fireware OS, including versions 11.0 through 11.12.4_Update1, 12.0 through 12.12, and 2025.1 through 2026.2.

Impact Analysis

An attacker with authenticated administrator access can exploit this vulnerability to install unauthorized or malicious firmware on the affected device.

This can lead to a complete compromise of the device, potentially allowing the attacker to control network traffic, bypass security controls, or disrupt network operations.

Given the high CVSS score of 8.6, the impact is considered severe.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your WatchGuard Fireware OS to a fixed version where available.

  • For versions 2025.1 through 2026.2, upgrade to 2026.2.1 or later.
  • For versions 12.0 through 12.12, upgrade to 12.12.1 or later.

Note that versions 11.x are end-of-life and do not have a resolution available, so consider replacing or isolating devices running these versions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-13722. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart