Multiple security vulnerabilities have been identified in SonicWall SMA1000 appliances, which are being actively exploited in zero-day attacks. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0.02800. The overall risk is high, with SonicWall urging customers to install the newly released security updates as soon as possible.
CVE-2026-15409 (CVSS 10.0 — Critical): A server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.[/subscribe_to_unlock_form]
Multiple security vulnerabilities have been identified in SonicWall SMA1000 appliances, which are being actively exploited in zero-day attacks. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running platform-hotfix releases 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0.02800. The overall risk is high, with SonicWall urging customers to install the newly released security updates as soon as possible.
CVE-2026-15409 (CVSS 10.0 — Critical): A server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.[emaillocker id="1283"]
CVE-2026-15410 (CVSS 7.2 — High): A post-authentication code injection flaw in the SMA1000 Appliance Management Console could allow a remote authenticated administrator to execute arbitrary operating system commands. Administrators should re-image physical appliances or redeploy virtual appliances, change all user and administrator passwords, and reset TOTP tokens if a device is found to be compromised.
Immediate deployment of the official hotfix releases is mandatory to neutralize the active zero-day threat landscape and secure vulnerable entry points.
We recommend you to refer this link: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008
The following reports contain further technical details:
[/emaillocker]