Security · 1h ago
SonicWall SMA 1000 Zero-Days Under Active Attack, One Critical
SonicWall warns of active exploitation of two zero-day vulnerabilities in SMA 1000 series appliances. The most severe, CVE-2026-15409, has a CVSS score of 10.0 and allows unauthenticated remote attackers to execute arbitrary commands via SSRF. SonicWall has not yet released patches, urging users to apply mitigations.
Meridian48 take
The 10.0 CVSS score underscores the severity, but the lack of a patch means organizations must rely on workarounds—a risky position for critical network security appliances.
Read the full reporting
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands →
The Hacker News
zero-daysonicwall