← Back to CVEs
CVE-2026-3343
MEDIUM6.1
Description
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
CVE Details
CVSS v3.1 Score6.1
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published3/3/2026
Last Modified3/4/2026
Sourcenvd
Honeypot Sightings0
Affected Products
watchguard:firebox_m270watchguard:firebox_m290watchguard:firebox_m295watchguard:firebox_m370watchguard:firebox_m390watchguard:firebox_m395watchguard:firebox_m440watchguard:firebox_m4600watchguard:firebox_m470watchguard:firebox_m4800watchguard:firebox_m495watchguard:firebox_m5600watchguard:firebox_m570watchguard:firebox_m5800watchguard:firebox_m590watchguard:firebox_m595watchguard:firebox_m670watchguard:firebox_m690watchguard:firebox_m695watchguard:firebox_nv5watchguard:firebox_t115-wwatchguard:firebox_t125watchguard:firebox_t125-wwatchguard:firebox_t145watchguard:firebox_t145-wwatchguard:firebox_t185watchguard:firebox_t20watchguard:firebox_t25watchguard:firebox_t40watchguard:firebox_t45watchguard:firebox_t55watchguard:firebox_t70watchguard:firebox_t80watchguard:firebox_t85watchguard:fireboxcloudwatchguard:fireboxvwatchguard:fireware
Weaknesses (CWE)
CWE-79
References
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004(5d1c2695-1a31-4499-88ae-e847036fd7e3)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.