Find notable cyber news and cases, enriched with sources, timelines, and signals.

SonicWall SMA1000 SSRF and code injection flaws (multiple vulnerabilities)

Vulnerability
First reported
Last updated
Happening score
H score 48
1 unique sources, 1 articles

Summary

Hide ▲

SonicWall SMA1000 devices face active exploitation of CVE-2026-15409 and CVE-2026-15410, creating urgent risk for exposed appliances. CVE-2026-15409 is a CVSS 10.0 SSRF flaw and CVE-2026-15410 is a CVSS 7.2 code injection issue in the management console. SonicWall says both flaws are being actively exploited in zero-day attacks and urges customers to install the newly released hotfixes immediately. CISA KEV listing confirms the flaws are already being used in attacks.

Related Happenings

SonicWall MySonicWall cloud backup breach exposing firewall backup files

Data Leak
H score40 First: 29.01.2026 19:57 Last: 29.01.2026 19:57 Sources 1

About this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...

Q3 2025 ransomware cases shift toward compromised VPN credentials

Trend
H score35 First: 19.11.2025 11:40 Last: 19.11.2025 11:40 Sources 1

About this happening: **Ransomware surged in Q3 2025**, and **compromised VPN credentials** became the most common initial-access route, increasing exposure across remote-access environments. **Three g...

Timeline

  1. 15.07.2026 00:23 2 articles · 3h ago

    SonicWall warns of active zero-day exploitation of SMA1000 flaws

    Initial Disclosure

    SonicWall warns that threat actors are exploiting CVE-2026-15409 and CVE-2026-15410 in zero-day attacks against SMA1000 devices. CVE-2026-15409 is a critical SSRF flaw in the Appliance Work Place interface, and CVE-2026-15410 is a high-severity post-authentication code injection flaw in the Appliance Management Console; fixes are available in platform-hotfix 12.4.3-03453 and 12.5.0-02835, and SonicWall shares indicators of compromise for affected appliances.

    Show sources
  2. 15.07.2026 00:23 1 articles · 3h ago

    Federal agencies face July 17, 2026 deadline for affected SMA1000 systems

    Legal Policy Action Update

    Federal agencies have until July 17, 2026 to secure affected SMA1000 systems under Binding Operational Directive 26-04 or discontinue use of the product if mitigations cannot be applied. The deadline creates a separate compliance obligation for U.S. government users of the vulnerable appliances.

    Show sources