Multiple Vulnerabilities in SonicWall SMA1000 Series
15 July 2026
Attackers are exploiting two zero-day vulnerabilities in the SMA1000 series appliances to perform server-side request forgery and execute arbitrary operating system commands. Patch immediately.
Background
SonicWall has released security updates to address two vulnerabilities (CVE-2026-15409 and CVE-2026-15410) affecting SMA1000 series appliances that are being actively exploited in the wild.
These vulnerabilities have a Common Vulnerability Scoring System (CVSS v3.1) scores of 10.0 and 7.2 out of 10 respectively.
Impact
Successful exploitation of these vulnerabilities could lead to the following:
CVE-2026-15409: Due to a server-side request forgery vulnerability in the SMA1000 Appliance Work Place interface, an unauthenticated remote attacker could potentially cause the appliance to make requests to unintended locations.
CVE-2026-15410: Due to a code injection vulnerability in the SMA1000 Appliance Management Console, a remote authenticated administrator could execute arbitrary operating system commands.
Known Exploitation
These vulnerabilities are reportedly under active exploitation.
Affected Products
These vulnerabilities affect the following SonicWall SMA1000 models: 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800.
These vulnerabilities do not impact SSL-VPN running on SonicWall firewalls or the SMA 100 Series product line.
Recommendations
Users and administrators of affected products are advised to update to platform-hotfix versions 12.4.3-03453 or 12.5.0-02835, or later releases, immediately.
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008
