CVE-2026-3343

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.

References

Link	Resource
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:watchguard:firebox_m270:-:::::::*
	cpe:2.3:h:watchguard:firebox_m290:-:::::::*
	cpe:2.3:h:watchguard:firebox_m370:-:::::::*
	cpe:2.3:h:watchguard:firebox_m390:-:::::::*
	cpe:2.3:h:watchguard:firebox_m440:-:::::::*
	cpe:2.3:h:watchguard:firebox_m4600:-:::::::*
	cpe:2.3:h:watchguard:firebox_m470:-:::::::*
	cpe:2.3:h:watchguard:firebox_m4800:-:::::::*
	cpe:2.3:h:watchguard:firebox_m5600:-:::::::*
	cpe:2.3:h:watchguard:firebox_m570:-:::::::*
	cpe:2.3:h:watchguard:firebox_m5800:-:::::::*
	cpe:2.3:h:watchguard:firebox_m590:-:::::::*
	cpe:2.3:h:watchguard:firebox_m670:-:::::::*
	cpe:2.3:h:watchguard:firebox_m690:-:::::::*
	cpe:2.3:h:watchguard:firebox_nv5:-:::::::*
	cpe:2.3:h:watchguard:firebox_t20:-:::::::*
	cpe:2.3:h:watchguard:firebox_t25:-:::::::*
	cpe:2.3:h:watchguard:firebox_t40:-:::::::*
	cpe:2.3:h:watchguard:firebox_t45:-:::::::*
	cpe:2.3:h:watchguard:firebox_t55:-:::::::*
	cpe:2.3:h:watchguard:firebox_t70:-:::::::*
	cpe:2.3:h:watchguard:firebox_t80:-:::::::*
	cpe:2.3:h:watchguard:firebox_t85:-:::::::*
	cpe:2.3:h:watchguard:fireboxcloud:-:::::::*
	cpe:2.3:h:watchguard:fireboxv:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:watchguard:firebox_m295:-:::::::*
	cpe:2.3:h:watchguard:firebox_m395:-:::::::*
	cpe:2.3:h:watchguard:firebox_m495:-:::::::*
	cpe:2.3:h:watchguard:firebox_m595:-:::::::*
	cpe:2.3:h:watchguard:firebox_m695:-:::::::*
	cpe:2.3:h:watchguard:firebox_t115-w:-:::::::*
	cpe:2.3:h:watchguard:firebox_t125:-:::::::*
	cpe:2.3:h:watchguard:firebox_t125-w:-:::::::*
	cpe:2.3:h:watchguard:firebox_t145:-:::::::*
	cpe:2.3:h:watchguard:firebox_t145-w:-:::::::*
	cpe:2.3:h:watchguard:firebox_t185:-:::::::*

History

04 Mar 2026, 19:34

Type	Values Removed	Values Added
CPE		cpe:2.3:h:watchguard:firebox_m395:-:::::::* cpe:2.3:h:watchguard:firebox_t115-w:-:::::::* cpe:2.3:h:watchguard:firebox_t185:-:::::::* cpe:2.3:h:watchguard:firebox_m495:-:::::::* cpe:2.3:h:watchguard:firebox_t45:-:::::::* cpe:2.3:h:watchguard:firebox_m595:-:::::::* cpe:2.3:h:watchguard:firebox_m4800:-:::::::* cpe:2.3:h:watchguard:firebox_m5600:-:::::::* cpe:2.3:h:watchguard:firebox_t20:-:::::::* cpe:2.3:h:watchguard:fireboxcloud:-:::::::* cpe:2.3:h:watchguard:firebox_m670:-:::::::* cpe:2.3:h:watchguard:firebox_t125-w:-:::::::* cpe:2.3:h:watchguard:firebox_m570:-:::::::* cpe:2.3:h:watchguard:firebox_m690:-:::::::* cpe:2.3:h:watchguard:firebox_t40:-:::::::* cpe:2.3:h:watchguard:firebox_m290:-:::::::* cpe:2.3:h:watchguard:firebox_m4600:-:::::::* cpe:2.3:h:watchguard:firebox_m370:-:::::::* cpe:2.3:h:watchguard:firebox_t55:-:::::::* cpe:2.3:h:watchguard:firebox_m295:-:::::::* cpe:2.3:h:watchguard:firebox_m470:-:::::::* cpe:2.3:h:watchguard:fireboxv:-:::::::* cpe:2.3:h:watchguard:firebox_t85:-:::::::* cpe:2.3:h:watchguard:firebox_m440:-:::::::* cpe:2.3:h:watchguard:firebox_m270:-:::::::* cpe:2.3:h:watchguard:firebox_m390:-:::::::* cpe:2.3:h:watchguard:firebox_t125:-:::::::* cpe:2.3:h:watchguard:firebox_t70:-:::::::* cpe:2.3:h:watchguard:firebox_t25:-:::::::* cpe:2.3:h:watchguard:firebox_t145-w:-:::::::* cpe:2.3:h:watchguard:firebox_t145:-:::::::* cpe:2.3:h:watchguard:firebox_m695:-:::::::* cpe:2.3:h:watchguard:firebox_nv5:-:::::::* cpe:2.3:h:watchguard:firebox_m5800:-:::::::* cpe:2.3:h:watchguard:firebox_m590:-:::::::* cpe:2.3:o:watchguard:fireware:::::::: cpe:2.3:h:watchguard:firebox_t80:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~() https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004 -~~	() https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004 - Vendor Advisory
First Time		Watchguard firebox M290 Watchguard firebox M595 Watchguard Watchguard firebox M390 Watchguard firebox Nv5 Watchguard firebox T45 Watchguard firebox M670 Watchguard firebox M5600 Watchguard firebox M570 Watchguard firebox T85 Watchguard firebox M395 Watchguard firebox T20 Watchguard firebox M5800 Watchguard firebox T70 Watchguard firebox M4600 Watchguard firebox M270 Watchguard firebox M370 Watchguard firebox M470 Watchguard firebox M590 Watchguard firebox T125-w Watchguard firebox M495 Watchguard firebox T115-w Watchguard firebox M440 Watchguard firebox T125 Watchguard firebox T25 Watchguard firebox T185 Watchguard firebox M4800 Watchguard firebox T55 Watchguard fireboxv Watchguard fireware Watchguard firebox T40 Watchguard firebox M295 Watchguard firebox M695 Watchguard firebox T145-w Watchguard firebox T145 Watchguard fireboxcloud Watchguard firebox T80 Watchguard firebox M690

04 Mar 2026, 16:16

Type	Values Removed	Values Added
References	~~{'url': 'https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-0004', 'source': '5d1c2695-1a31-4499-88ae-e847036fd7e3'}~~	() https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004 -

03 Mar 2026, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-03 14:15

Updated : 2026-03-04 19:34

NVD link : CVE-2026-3343

Mitre link : CVE-2026-3343

CVE.ORG link : CVE-2026-3343

JSON object : View

Products Affected

watchguard

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1 /10