SecuriTricks - CVE-2026-3343

Description

A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

Product(s) Impacted

Vendor	Product	Versions
Watchguard	Fireware Firebox M270 Firebox M290 Firebox M370 Firebox M390 Firebox M440 Firebox M4600 Firebox M470 Firebox M4800 Firebox M5600 Firebox M570 Firebox M5800 Firebox M590 Firebox M670 Firebox M690 Firebox Nv5 Firebox T20 Firebox T25 Firebox T40 Firebox T45 Firebox T55 Firebox T70 Firebox T80 Firebox T85 Fireboxcloud Fireboxv Firebox M295 Firebox M395 Firebox M495 Firebox M595 Firebox M695 Firebox T115-w Firebox T125 Firebox T125-w Firebox T145 Firebox T145-w Firebox T185	* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	watchguard	fireware	/	/	/	/	/	/	/	/
h	watchguard	firebox_m270	-	/	/	/	/	/	/	/
h	watchguard	firebox_m290	-	/	/	/	/	/	/	/
h	watchguard	firebox_m370	-	/	/	/	/	/	/	/
h	watchguard	firebox_m390	-	/	/	/	/	/	/	/
h	watchguard	firebox_m440	-	/	/	/	/	/	/	/
h	watchguard	firebox_m4600	-	/	/	/	/	/	/	/
h	watchguard	firebox_m470	-	/	/	/	/	/	/	/
h	watchguard	firebox_m4800	-	/	/	/	/	/	/	/
h	watchguard	firebox_m5600	-	/	/	/	/	/	/	/
h	watchguard	firebox_m570	-	/	/	/	/	/	/	/
h	watchguard	firebox_m5800	-	/	/	/	/	/	/	/
h	watchguard	firebox_m590	-	/	/	/	/	/	/	/
h	watchguard	firebox_m670	-	/	/	/	/	/	/	/
h	watchguard	firebox_m690	-	/	/	/	/	/	/	/
h	watchguard	firebox_nv5	-	/	/	/	/	/	/	/
h	watchguard	firebox_t20	-	/	/	/	/	/	/	/
h	watchguard	firebox_t25	-	/	/	/	/	/	/	/
h	watchguard	firebox_t40	-	/	/	/	/	/	/	/
h	watchguard	firebox_t45	-	/	/	/	/	/	/	/
h	watchguard	firebox_t55	-	/	/	/	/	/	/	/
h	watchguard	firebox_t70	-	/	/	/	/	/	/	/
h	watchguard	firebox_t80	-	/	/	/	/	/	/	/
h	watchguard	firebox_t85	-	/	/	/	/	/	/	/
h	watchguard	fireboxcloud	-	/	/	/	/	/	/	/
h	watchguard	fireboxv	-	/	/	/	/	/	/	/
o	watchguard	fireware	/	/	/	/	/	/	/	/
h	watchguard	firebox_m295	-	/	/	/	/	/	/	/
h	watchguard	firebox_m395	-	/	/	/	/	/	/	/
h	watchguard	firebox_m495	-	/	/	/	/	/	/	/
h	watchguard	firebox_m595	-	/	/	/	/	/	/	/
h	watchguard	firebox_m695	-	/	/	/	/	/	/	/
h	watchguard	firebox_t115-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t125	-	/	/	/	/	/	/	/
h	watchguard	firebox_t125-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t145	-	/	/	/	/	/	/	/
h	watchguard	firebox_t145-w	-	/	/	/	/	/	/	/
h	watchguard	firebox_t185	-	/	/	/	/	/	/	/

References

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004

CVSS Score

5.1 / 10

CVSS Data - 4.0

Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: NONE
User Interaction: ACTIVE
Scope:
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

View Vector String

Timeline

Published: March 3, 2026, 2:15 p.m.
Last Modified: March 4, 2026, 7:34 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

5d1c2695-1a31-4499-88ae-e847036fd7e3

CVE-2026-3343