SonicWall SMA1000 SSRF and code injection flaws (multiple vulnerabilities)
Vulnerability
Summary
Hide ▲
Show ▼
SonicWall SMA1000 devices face active exploitation of CVE-2026-15409 and CVE-2026-15410, creating urgent risk for exposed appliances. CVE-2026-15409 is a CVSS 10.0 SSRF flaw and CVE-2026-15410 is a CVSS 7.2 code injection issue in the management console. SonicWall says both flaws are being actively exploited in zero-day attacks and urges customers to install the newly released hotfixes immediately. CISA KEV listing confirms the flaws are already being used in attacks.
Related Happenings
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data Leak
H score40
First: 29.01.2026 19:57
Last: 29.01.2026 19:57
Sources 1
About this happening:
**SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
SonicWall MySonicWall cloud backup breach exposing firewall backup files
Data LeakAbout this happening: **SonicWall** said a **state-sponsored threat actor** stole **firewall configuration backup files** from its **MySonicWall cloud backup service** in a **September** security breac...
Q3 2025 ransomware cases shift toward compromised VPN credentials
Trend
H score35
First: 19.11.2025 11:40
Last: 19.11.2025 11:40
Sources 1
About this happening:
**Ransomware surged in Q3 2025**, and **compromised VPN credentials** became the most common initial-access route, increasing exposure across remote-access environments. **Three g...
Q3 2025 ransomware cases shift toward compromised VPN credentials
TrendAbout this happening: **Ransomware surged in Q3 2025**, and **compromised VPN credentials** became the most common initial-access route, increasing exposure across remote-access environments. **Three g...
Timeline
-
15.07.2026 00:23 2 articles · 3h ago
SonicWall warns of active zero-day exploitation of SMA1000 flaws
Initial DisclosureSonicWall warns that threat actors are exploiting CVE-2026-15409 and CVE-2026-15410 in zero-day attacks against SMA1000 devices. CVE-2026-15409 is a critical SSRF flaw in the Appliance Work Place interface, and CVE-2026-15410 is a high-severity post-authentication code injection flaw in the Appliance Management Console; fixes are available in platform-hotfix 12.4.3-03453 and 12.5.0-02835, and SonicWall shares indicators of compromise for affected appliances.
Show sources
- SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now — www.bleepingcomputer.com — 15.07.2026 00:23
- SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now — www.bleepingcomputer.com — 15.07.2026 00:23
-
15.07.2026 00:23 1 articles · 3h ago
Federal agencies face July 17, 2026 deadline for affected SMA1000 systems
Legal Policy Action UpdateFederal agencies have until July 17, 2026 to secure affected SMA1000 systems under Binding Operational Directive 26-04 or discontinue use of the product if mitigations cannot be applied. The deadline creates a separate compliance obligation for U.S. government users of the vulnerable appliances.
Show sources
- SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now — www.bleepingcomputer.com — 15.07.2026 00:23