Sonicos

This hub aggregates every CVE we track for Sonicos, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Sonicos.

• CVE-2026-0206A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.4.9Apr 29, 2026
• CVE-2026-0205A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.6.8Apr 29, 2026
• CVE-2026-0204A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.8.0Apr 29, 2026
• CVE-2026-3439A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.4.9Mar 4, 2026
• CVE-2026-0402A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.4.9Feb 24, 2026
• CVE-2026-0401A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.4.9Feb 24, 2026
• CVE-2026-0400A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.4.9Feb 24, 2026
• CVE-2026-0399Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.4.9Feb 24, 2026
• CVE-2025-40601A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.7.5Nov 20, 2025
• CVE-2025-40600Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption.9.8Jul 29, 2025
• CVE-2025-32818A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (...7.5Apr 23, 2025
• CVE-2024-12802SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with M...9.1Jan 9, 2025
• CVE-2024-12806A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file.4.9Jan 9, 2025
• CVE-2024-12805A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.7.2Jan 9, 2025
• CVE-2024-12803A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution.7.2Jan 9, 2025