SonicWall SMA1000 Series Faces Active Exploitation of Zero-Day Vulnerabilities

SonicWall SMA1000 Series Faces Active Exploitation of Zero-Day Vulnerabilities

First seen 15 Jul 2026, 08:28 UTC Feeds2.FeedburnerCsa.SgGbhackersSecurityaffairs.CoCybersecuritynews 81% similarity 87.2

Article Content

Browse articles
ThreatCluster

SonicWall has reported two zero-day vulnerabilities (CVE-2026-15409 and CVE-2026-15410) in its SMA1000 series appliances, which are currently being actively exploited. CVE-2026-15409 allows unauthenticated remote attackers to perform server-side request forgery, while CVE-2026-15410 enables remote authenticated administrators to execute arbitrary operating system commands. Both vulnerabilities have been assigned CVSS scores of 10.0 and 7.2, respectively. Affected models include the SMA1000 series appliances 6210, 7210, and 8200v. SonicWall has advised users to immediately update to patched versions to mitigate risks. The vulnerabilities were first disclosed on July 14, 2026, and have been added to the CISA KEV list due to active exploitation. Organizations are urged to check for indicators of compromise and take necessary remediation steps.

Key Points: • Two zero-day vulnerabilities in SonicWall SMA1000 series are actively exploited. • CVE-2026-15409 has a CVSS score of 10.0, allowing unauthenticated SSRF attacks. • Immediate patching is required to protect affected systems from exploitation.

ThreatCluster AI

Timeline

2026-07-14
CVE-2026-15409 and CVE-2026-15410 published
SonicWall disclosed two critical vulnerabilities affecting SMA1000 series appliances, with active exploitation confirmed.
Csa.Sg
2026-07-14
CVE-2026-15409 and CVE-2026-15410 added to CISA KEV
Both vulnerabilities were added to the CISA Known Exploited Vulnerabilities list due to active exploitation.
Csa.Sg
2026-07-15
First public PoC released
Public proof of concept for CVE-2026-15409 and CVE-2026-15410 was made available, increasing risk of exploitation.
Csa.Sg
2026-07-15
SonicWall issues urgent security advisory
SonicWall urged users to patch their SMA1000 series appliances immediately to prevent exploitation of the vulnerabilities.
Csa.Sg

Community

Browse all →