#VU125516 SQL injection in SonicWall SMA 1000 - CVE-2026-4112

 


Published: April 8, 2026


Vulnerability identifier: #VU125516
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-4112
CWE-ID: CWE-89
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: SonicWall SMA 1000
Software vendor: SonicWall

Description

The vulnerability allows a remote user to escalate privileges to primary administrator.

The vulnerability exists due to improper neutralization of special elements used in an SQL command in SonicWall SMA 1000 series appliances when handling SQL queries. A remote privileged user can inject crafted SQL input to escalate privileges to primary administrator.

Exploitation requires read-only administrator privileges.


Remediation

Install the security update from the vendor's website.
