CVE-2026-13728

Severity CVSS v4.0:
MEDIUM
Type:
CWE-798 Use of Hard-coded Credentials
Publication date:
03/07/2026
Last modified:
03/07/2026

Description

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources.<br /> <br /> This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does not affect devices that do not support the Access Portal feature or standalone Fireboxes not deployed in a FireCluster.

References to Advisories, Solutions, and Tools