SB20260408177 - Multiple vulnerabilities in SonicWall SMA 1000
Published: April 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) SQL injection (CVE-ID: CVE-2026-4112)
The vulnerability allows a remote user to escalate privileges to primary administrator.
The vulnerability exists due to improper neutralization of special elements used in an sql command in SonicWall SMA1000 series appliances when handling sql queries. A remote privileged user can inject crafted sql input to escalate privileges to primary administrator.
Exploitation requires read-only administrator privileges.
2) Observable Response Discrepancy (CVE-ID: CVE-2026-4113)
The vulnerability allows a remote attacker to enumerate SSL VPN user credentials.
The vulnerability exists due to observable response discrepancy in the authentication mechanism when handling authentication requests. A remote attacker can send crafted authentication attempts to enumerate SSL VPN user credentials.
3) Improper Handling of Unicode Encoding (CVE-ID: CVE-2026-4114)
The vulnerability allows a remote user to bypass AMC TOTP authentication.
The vulnerability exists due to improper handling of unicode encoding in SonicWall SMA1000 series appliances when processing AMC authentication input. A remote privileged user can use crafted unicode input to bypass AMC TOTP authentication.
4) Improper Handling of Unicode Encoding (CVE-ID: CVE-2026-4116)
The vulnerability allows a remote user to bypass Workplace/Connect Tunnel TOTP authentication.
The vulnerability exists due to improper handling of unicode encoding in SonicWall SMA1000 series appliances when processing Workplace/Connect Tunnel authentication input. A remote user can use crafted unicode input to bypass Workplace/Connect Tunnel TOTP authentication.
Remediation
Install update from vendor's website.