← volver
CVE-2026-13728

WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database

CVSS 5.9 MEDIUMCWE-798
Vexday Risk Score
10Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.9EPSS KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
02 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Productos afectados
WatchGuard · Fireware OS