BleepingComputer ·EN-US News source Exploited in the wildSMA1000 Appliance
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
CVE Tools coverage
SonicWall has issued a warning that two critical vulnerabilities in its SMA1000 Appliance are currently being exploited in real-world attacks. The flaws, identified as CVE-2026-15409 (CVSS 10.0) and CVE-2026-15410 (CVSS 7.2), enable remote attackers to perform server-side request forgery and execute arbitrary commands after authentication. These issues affect specific SMA1000 models running outdated firmware versions. SonicWall urges users to apply the latest hotfixes immediately to prevent potential breaches. CISA has also listed these vulnerabilities in its KEV catalog due to their active exploitation.