SB2026071507 - Multiple vulnerabilities in SonicWall SMA1000 Series appliances



SB2026071507 - Multiple vulnerabilities in SonicWall SMA1000 Series appliances

Published: July 15, 2026

Security Bulletin ID SB2026071507
CSH Severity
Critical
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Critical 50% High 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-15409)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:A/U:Red


The vulnerability allows a remote attacker to cause the appliance to make requests to unintended locations.

The vulnerability exists due to server-side request forgery in the SMA1000 Appliance Work Place interface when handling crafted requests. A remote attacker can send a specially crafted request to cause the appliance to make requests to unintended locations.

Active exploitation has been observed in the wild.


2) Code Injection (CVE-ID: CVE-2026-15410)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber


The vulnerability allows a remote user to execute arbitrary OS commands.

The vulnerability exists due to improper control of generation of code in the SMA1000 Appliance Management Console (AMC) when processing crafted input under specific conditions. A remote privileged user can submit crafted input to execute arbitrary OS commands.

The issue is post-authentication and requires administrator access. Active exploitation has been observed in the wild.


Remediation

Install update from vendor's website.