Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.

SonicWall vulnerability

SonicWall is urging customers to immediately update SMA1000 secure remote access appliances, which are being targeted by threat actors via two new zero-day vulnerabilities. 

The vulnerabilities are tracked as CVE-2026-15409 and CVE-2026-15410, and they affect SMA1000 versions 6210, 7210, and 8200v. Enterprises using these products have been instructed to update to hotfix releases 12.4.3-03453 or 12.5.0-02835.

CVE-2026-15409 has been described as a critical server-side request forgery (SSRF) issue affecting the Appliance Work Place interface. It allows a remote, unauthenticated attacker to cause the targeted appliance to “make requests to unintended locations”.

CVE-2026-15410 is a high-severity code injection issue affecting the Appliance Management Console (AMC), and it can allow an attacker with admin privileges to execute arbitrary OS commands. 

“SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory,” SonicWall said in its advisory.

It’s unclear who is behind the zero-day exploitation, but the vendor has shared some IoCs to help enterprises detect potential attacks. Based on the company’s brief description, the two vulnerabilities may be chained.

Advertisement. Scroll to continue reading.

Volexity has been credited with assisting SonicWall’s investigation into the zero-day attacks, but the cybersecurity firm has yet to release any details. 

CISA added CVE-2026-15409 and CVE-2026-15410 to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, urging government agencies to address them by July 17. 

It’s not uncommon for threat actors, including profit-driven cybercriminals, to exploit vulnerabilities in SonicWall products. CISA’s KEV catalog currently includes 17 flaws, including ones affecting SMA1000 appliances.

Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days

Related: Organizations Warned of Exploited Joomla Extension Vulnerabilities

Related: BlueHammer Vulnerability Exploited in Ransomware Attacks

Related: Exploitation of Recent Oracle E-Business Suite Vulnerability Begins

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

F5 has appointed Cathy Peterman as Chief People Officer.

Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.

CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.