SQL injection in SonicWall SMA 1000 - CVE-2026-4112

 


Published: April 8, 2026


Vulnerability identifier: #VU125516
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-4112
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SonicWall
Affected software:
SonicWall SMA 1000

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges to primary administrator.

The vulnerability exists due to improper neutralization of special elements used in an SQL command in SonicWall SMA1000 series appliances when handling SQL queries. A remote privileged user can inject crafted SQL input to escalate privileges to primary administrator.

Exploitation requires read-only administrator privileges.


How to mitigate CVE-2026-4112

Install the security update from the vendor's website.
