Skip to content
Tech News
← Back to articles

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

read original more articles

SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.

CVE-2026-15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.

CVE-2026-15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands.

While CVE-2026-15410 requires administrator privileges, SonicWall assigned the advisory an overall CVSS score of 10.0.

SonicWall says it investigated multiple incidents and confirmed that both vulnerabilities are being actively exploited.

"SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory," SonicWall warned.

"Customers are strongly urged to upgrade to the hotfix release as soon as possible to remediate these vulnerabilities"

However, the company has not disclosed whether attackers are chaining them together. BleepingComputer has contacted SonicWall to clarify the attacks and will update this story if we receive a response.

The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800. Fixes are available in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835, and later releases.

SonicWall says the vulnerabilities do not impact SSL-VPN running on SonicWall firewalls or the SMA 100 Series product line.

... continue reading