Back

SonicWall SonicOS Vulnerabilities Expose Firewalls to Unauthorized Access and Crashes

Severity: High (Score: 69.0)

Sources: Cybersecuritynews, Gbhackers, www.cve.org, psirt.global.sonicwall.com, Digital.Nhs.Uk

Summary

SonicWall has identified three critical vulnerabilities in its SonicOS firewall operating system, disclosed in security advisory SNWLID-2026-0004. The most severe vulnerability, CVE-2026-0204, allows unauthenticated attackers to bypass authentication and access management interface functions, rated with a CVSS score of 8.0. Additionally, CVE-2026-0205 enables logged-in users to exploit a path traversal vulnerability, while CVE-2026-0206 allows for a denial-of-service attack through a stack-based buffer overflow. These vulnerabilities were reported by CrowdStrike and have not yet been actively exploited. SonicWall has released patches for affected firmware versions, urging administrators to apply updates immediately. Organizations using SonicWall firewalls should also consider disabling the management interface temporarily as a precaution. The vulnerabilities could potentially lead to unauthorized access to sensitive functions and service disruptions. Key Points: • Three vulnerabilities in SonicWall SonicOS allow unauthorized access and denial-of-service attacks. • CVE-2026-0204 has a high severity score of 8.0, enabling unauthenticated access to management functions. • SonicWall has released patches and recommends immediate action to secure affected systems.

Key Entities

  • DDoS (attack_type)
  • Zero-day Exploit (attack_type)
  • CrowdStrike (company)
  • Sonicwall (company)
  • CVE-2026-0204 (cve)
  • CVE-2026-0205 (cve)
  • CVE-2026-0206 (cve)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • CWE-22 - Path Traversal (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-862 - Missing Authorization (cwe)
  • SonicOS (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed