WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI

Advisory ID

WGSA-2026-00004

CVE

CVE-2026-3343

Impact

Medium

Status

Resolved

Product Family

Firebox

Published Date

2026-03-03

Updated Date

2026-03-03

Workaround Available

False

CVSS Score

5.1

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.

Affected

This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

Resolution

Vulnerable Version	Resolved Version
2025.1	2026.1.2
12.x	12.11.8

Credits

btaol

Advisory Product List

Product Family	Product Branch	Product List
Firebox	Fireware OS 2025.1.x	T115-W, T125, T125-W, T145, T145-W, T185, M295, M395, M495, M595, M695
Firebox	Fireware OS 12.x	T20, T25, T40, T45, T55, T70, T80, T85, M270, M290, M370, M390, M470, M570, M590, M670, M690, M440, M4600, M4800, M5600, M5800, Firebox Cloud, Firebox NV5, FireboxV

Advisory List

Go to