Deserialization in Watchguard Fireware Os

CVE-2026-13371

An authenticated administrator can trigger a denial-of-service condition in the Fireware Management Web UI by sending malformed or crafted data to the put_data endpoint, which performs unsafe deserialization of the attacker-supplied input.

Vulnerability class: Insecure Deserialization

Affected products

Weakness classification (CWE)

References