{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4315", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "state": "PUBLISHED", "assignerShortName": "WatchGuard", "dateReserved": "2026-03-17T07:45:03.793Z", "datePublished": "2026-03-30T12:38:15.842Z", "dateUpdated": "2026-03-30T13:27:05.601Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Fireware OS", "vendor": "WatchGuard", "versions": [{"lessThanOrEqual": "11.12.4+541730", "status": "affected", "version": "11.8", "versionType": "semver"}, {"lessThanOrEqual": "12.11.8", "status": "affected", "version": "12.0", "versionType": "semver"}, {"lessThanOrEqual": "12.5.17", "status": "affected", "version": "12.5", "versionType": "semver"}, {"lessThanOrEqual": "2026.1.2", "status": "affected", "version": "2025.1", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.8", "versionEndIncluding": "11.12.4+541730", "versionStartIncluding": "11.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0", "versionEndIncluding": "12.11.8", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5", "versionEndIncluding": "12.5.12", "versionStartIncluding": "12.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "versionEndIncluding": "2026.1.2", "versionStartIncluding": "2025.1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.<p>This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2.</p>"}], "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "WatchGuard is not aware of any exploitation of this issue in the wild."}], "value": "WatchGuard is not aware of any exploitation of this issue in the wild."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-03-30T12:38:15.842Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00006"}], "source": {"advisory": "WGSA-2026-00006", "defect": ["FBX-31024"], "discovery": "EXTERNAL"}, "title": "WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T13:26:57.195560Z", "id": "CVE-2026-4315", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T13:27:05.601Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4315", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T13:26:57.195560Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T13:27:01.866Z"}}], "cna": {"title": "WatchGuard Firebox Cross-Site Request Forgery (CSRF) in Fireware Web UI", "source": {"defect": ["FBX-31024"], "advisory": "WGSA-2026-00006", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Simone Paganessi (https://www.linkedin.com/in/simonepaganessi)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WatchGuard", "product": "Fireware OS", "versions": [{"status": "affected", "version": "11.8", "versionType": "semver", "lessThanOrEqual": "11.12.4+541730"}, {"status": "affected", "version": "12.0", "versionType": "semver", "lessThanOrEqual": "12.11.8"}, {"status": "affected", "version": "12.5", "versionType": "semver", "lessThanOrEqual": "12.5.17"}, {"status": "affected", "version": "2025.1", "versionType": "semver", "lessThanOrEqual": "2026.1.2"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "WatchGuard is not aware of any exploitation of this issue in the wild.", "supportingMedia": [{"type": "text/html", "value": "WatchGuard is not aware of any exploitation of this issue in the wild.", "base64": false}]}], "references": [{"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00006", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2.", "supportingMedia": [{"type": "text/html", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.<p>This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:11.8", "vulnerable": true, "versionEndIncluding": "11.12.4+541730", "versionStartIncluding": "11.8"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.0", "vulnerable": true, "versionEndIncluding": "12.11.8", "versionStartIncluding": "12.0"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:12.5", "vulnerable": true, "versionEndIncluding": "12.5.12", "versionStartIncluding": "12.5"}, {"criteria": "cpe:2.3:a:watchguard:fireware_os:*:*:*:*:*:*:*:2025.1", "vulnerable": true, "versionEndIncluding": "2026.1.2", "versionStartIncluding": "2025.1"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "shortName": "WatchGuard", "dateUpdated": "2026-03-30T12:38:15.842Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4315", "state": "PUBLISHED", "dateUpdated": "2026-03-30T13:27:05.601Z", "dateReserved": "2026-03-17T07:45:03.793Z", "assignerOrgId": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "datePublished": "2026-03-30T12:38:15.842Z", "assignerShortName": "WatchGuard"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the WatchGuard Fireware OS WebUI could allow a remote attacker to trigger a denial-of-service (DoS) condition in the Fireware Web UI by convincing an authenticated administrator into visiting a malicious web page.This issue affects Fireware OS: 11.8 through 11.12.4+541730, 12.0 through 12.11.8, and 2025.1 through 2026.1.2."}], "id": "CVE-2026-4315", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}, "published": "2026-03-30T13:16:22.750", "references": [{"source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00006"}], "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[11.8,11.12.4+541730]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.0,12.11.8]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[12.5,12.5.17]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2025.1,2026.1.2]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Fireware OS", "source": "cna", "vendor": "WatchGuard"}, "product": "fireware_os", "vendor": "watchguard"}], "analysis": {"en": {"generated_at": "2026-03-30T14:35:47.901721+00:00", "value": {"mitigation_remediation": ["Apply the latest WatchGuard firmware update that addresses CVE\u20112026\u20114315.", "If a patch is not yet available, isolate the device from untrusted networks until remediation can be applied.", "Monitor administrator login activity and enforce strict access controls to reduce the likelihood of phishing or social\u2011engineering attempts."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via CSRF"}, "threat_synthesis": {"affected_systems": "Directly impacted devices are WatchGuard Fireware OS appliances running versions\u202f11.8 through\u202f11.12.4+541730,\u202f12.0 through\u202f12.11.8, and\u202f2025.1 through\u202f2026.1.2. This includes all Firebox models provisioned with the affected firmware releases.\n\n", "description_and_impact": "An attacker can exploit a cross\u2011site request forgery flaw in the WatchGuard Fireware OS Web UI. The flaw allows a remote user to trick an authenticated administrator into visiting a crafted web page, causing the Fireware Web UI to crash or become unavailable. The vulnerability is a traditional CSRF weakness (CWE\u2011352) that results in a denial\u2011of\u2011service condition for the web interface, impacting availability and potentially disrupting management functions.\n\n", "risk_and_exploitability": "With a CVSS base score of\u202f7.1 the vulnerability is considered moderate to high risk. The EPSS score is unavailable, and the issue is not listed in the CISA KEV catalog, suggesting that widespread, automated exploitation may not yet be occurring. The attack requires an attacker to lure a legitimate administrator to a malicious page; no elevation or arbitrary code execution is involved, but the resulting denial of service can impair administrative access and delay critical updates."}}}}, "created": "2026-03-30T20:55:44.830124+00:00", "updated": "2026-03-31T20:40:55.563454+00:00", "vendors": ["watchguard", "watchguard$PRODUCT$fireware_os"]}