SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
Key Points:
- SonicWall has issued a warning about active exploitation of two critical vulnerabilities in its SMA1000 appliances, CVE-2026-15409 (SSRF) and CVE-2026-15410 (post-authentication code injection), urging customers to apply newly released security hotfixes immediately.
- CVE-2026-15409 allows remote unauthenticated attackers to make the appliance request unintended locations, while CVE-2026-15410 enables authenticated administrators to execute arbitrary OS commands; both have been assigned a CVSS score of 10.0 by SonicWall.
- Affected SMA1000 models include 6210, 7210, and 8200v running specific platform-hotfix releases, with patches available in later hotfix versions; these vulnerabilities do not affect SonicWall firewalls’ SSL-VPN or the SMA 100 Series.
- SonicWall provided indicators of compromise (IOCs) for administrators to detect potential breaches and recommends re-imaging or redeploying compromised devices, resetting passwords and tokens, as no mitigations exist besides patching.
- The U.S. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to secure affected systems by July 17, 2026, under Binding Operational Directive 26-04.