CVE-2026-3343

MEDIUM EPSS 9.5%
Published Mar 3, 20263mo ago · Modified Jun 17, 20261w ago
5.1 CVSS 4.0
Medium
Find Similar
Published Mar 3, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
9.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 38

VendorProductVersionRange
watchguardfireware*≥12.7  –  <12.11.8
watchguardfirebox_m270*any
watchguardfirebox_m290*any
watchguardfirebox_m370*any
watchguardfirebox_m390*any
watchguardfirebox_m440*any
watchguardfirebox_m4600*any
watchguardfirebox_m470*any
watchguardfirebox_m4800*any
watchguardfirebox_m5600*any
watchguardfirebox_m570*any
watchguardfirebox_m5800*any
watchguardfirebox_m590*any
watchguardfirebox_m670*any
watchguardfirebox_m690*any
watchguardfirebox_nv5*any
watchguardfirebox_t20*any
watchguardfirebox_t25*any
watchguardfirebox_t40*any
watchguardfirebox_t45*any
watchguardfirebox_t55*any
watchguardfirebox_t70*any
watchguardfirebox_t80*any
watchguardfirebox_t85*any
watchguardfireboxcloud*any
watchguardfireboxv*any
watchguardfireware*≥2025.1  –  <2026.1.2
watchguardfirebox_m295*any
watchguardfirebox_m395*any
watchguardfirebox_m495*any
watchguardfirebox_m595*any
watchguardfirebox_m695*any
watchguardfirebox_t115-w*any
watchguardfirebox_t125*any
watchguardfirebox_t125-w*any
watchguardfirebox_t145*any
watchguardfirebox_t145-w*any
watchguardfirebox_t185*any

References 1

  • watchguard.com https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.