CVE-2026-3344
published 2026-03-03CVE-2026-3344: A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a…
PriorityP429medium4.9CVSS 3.1
AVNACLPRHUINSUCNIHAN
EPSS
0.26%
17.1th percentile
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| watchguard | fireware | >= 12.0 < 12.11.8 | 12.11.8 |
| watchguard | fireware | >= 12.5.9 < 12.5.17 | 12.5.17 |
| watchguard | fireware | >= 2025.1 < 2026.1.2 | 2026.1.2 |
| watchguard | fireware_os | 12.0 – 12.11.7 | — |
| watchguard | fireware_os | 12.5.9 – 12.5.16 | — |
| watchguard | fireware_os | 2025.1 – 2026.1.1 | — |
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
nvdv4.06.9MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-14733 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2025-14733 [CRITICAL] CVE-2025-14733 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14733 :
WatchGuard Firebox vulnerability analysis and mitigation
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer.This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.
Source : NVD
## 9.3
Score
Published December 19, 2025
Severity CRITICAL
CNA Score 9.3
High-profile Vulnerability Yes
Affected Technologies
WatchGuard Firebox
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation P
Wiz
CVE-2026-3343 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-3343 [CRITICAL] CVE-2026-3343 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3343 :
WatchGuard Firebox vulnerability analysis and mitigation
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link.
This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Source : NVD
## 5.1
Score
Published March 3, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
WatchGuard Firebox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:o:watchguard:fireware
S
Wiz
CVE-2026-3344 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-3344 [CRITICAL] CVE-2026-3344 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3344 :
WatchGuard Firebox vulnerability analysis and mitigation
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including 12.5.16, and 2025.1 up to and including 2026.1.1.
Source : NVD
## 6.9
Score
Published March 3, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
WatchGuard Firebox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:o:watchguard:fireware
Wiz
CVE-2026-3342 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2026-3342 [CRITICAL] CVE-2026-3342 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3342 :
WatchGuard Firebox vulnerability analysis and mitigation
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface.
This vulnerability affects Fireware OS 11.9 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
Source : NVD
## 8.6
Score
Published March 3, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
WatchGuard Firebox
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:o:watchguar
2026-03-03
Published