Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Watchguard | Fireware | >= 12.7, < 12.11.8 |
| Watchguard | Firebox M270 | - |
| Watchguard | Firebox M290 | - |
| Watchguard | Firebox M370 | - |
| Watchguard | Firebox M390 | - |
| Watchguard | Firebox M440 | - |
| Watchguard | Firebox M4600 | - |
| Watchguard | Firebox M470 | - |
| Watchguard | Firebox M4800 | - |
| Watchguard | Firebox M5600 | - |
| Watchguard | Firebox M570 | - |
| Watchguard | Firebox M5800 | - |
| Watchguard | Firebox M590 | - |
| Watchguard | Firebox M670 | - |
| Watchguard | Firebox M690 | - |
| Watchguard | Firebox Nv5 | - |
| Watchguard | Firebox T20 | - |
| Watchguard | Firebox T25 | - |
| Watchguard | Firebox T40 | - |
| Watchguard | Firebox T45 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-3343?
CVE-2026-3343 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on...
How severe is CVE-2026-3343?
CVE-2026-3343 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3343?
Check the references section above for vendor advisories and patch information. Affected products include: Watchguard Fireware, Watchguard Firebox M270, Watchguard Firebox M290, Watchguard Firebox M370, Watchguard Firebox M390.