Threat Advisory

SonicWall SMA1000 Flaws Exposed to Zero-Day Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in SonicWall SMA1000 appliances, which are being actively exploited in zero-day attacks. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0.02800. The overall risk is high, with SonicWall urging customers to install the newly released security updates as soon as possible.

CVE-2026-15409 (CVSS 10.0 — Critical): A server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in SonicWall SMA1000 appliances, which are being actively exploited in zero-day attacks. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0.02800. The overall risk is high, with SonicWall urging customers to install the newly released security updates as soon as possible.

CVE-2026-15409 (CVSS 10.0 — Critical): A server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.[emaillocker id="1283"]

CVE-2026-15410 (CVSS 7.2 — High): A post-authentication code injection flaw in the SMA1000 Appliance Management Console could allow a remote authenticated administrator to execute arbitrary operating system commands. Administrators should re-image physical appliances or redeploy virtual appliances, change all user and administrator passwords, and reset TOTP tokens if a device is found to be compromised.

Immediate deployment of the official hotfix releases is mandatory to neutralize the active zero-day threat landscape and secure vulnerable entry points.

RECOMMENDATION:

We recommend you to refer this link: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu