CVE-2026-13722
CVE-2026-13722 is a high-severity vulnerability with a CVSS 4.0 base score of 8.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-347.
Key facts
- Severity: High (CVSS 4.0 base score 8.6)
- EPSS exploit prediction: 0% (14th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-347
- Published:
- Last modified:
Description
WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2025.6.2.
Frequently asked questions
- What is CVE-2026-13722?
- WatchGuard Fireware OS contains a firmware validation bypass when processing a backup image via the backup/restore feature. An authenticated administrator can exploit this vulnerability to install a tampered firmware image.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4_Update1, 12.0 up to and including 12.12 and 2025.1 up to and including 2025.6.2.
- How severe is CVE-2026-13722?
- CVE-2026-13722 has a CVSS 4.0 base score of 8.6, rated high severity.
- Is CVE-2026-13722 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (14th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-13722?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2026-13722 published?
- CVE-2026-13722 was published on 2026-07-03 and last updated on 2026-07-07.
References
Other CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities
- CVE-2026-48558 — Critical (CVSS 10.0): SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the…
- CVE-2023-25574 — Critical (CVSS 10.0): `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI).…
- CVE-2024-45409 — Critical (CVSS 10.0): The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <=…
- CVE-2024-32962 — Critical (CVSS 10.0): xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default…
- CVE-2022-24884 — Critical (CVSS 10.0): ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()`…
- CVE-2021-33885 — Critical (CVSS 10.0): An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a…
Browse all CWE-347 (Improper Verification of Cryptographic Signature) vulnerabilities →