CVE-2026-13728
WatchGuard Firebox Hardcoded Fallback Encryption Key in Access Portal Resource Credential Database
Vexday Risk Score
10Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.9EPSS —KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
02 jul 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources.
This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Produtos afetados
WatchGuard · Fireware OS