Server-Side Request Forgery (SSRF) in SonicWall SMA 1000 - CVE-2026-15409
Published: July 15, 2026
SonicWall SMA 1000
Detailed vulnerability description
The vulnerability allows a remote attacker to cause the appliance to make requests to unintended locations.
The vulnerability exists due to server-side request forgery in the SMA1000 Appliance Work Place interface when handling crafted requests. A remote attacker can send a specially crafted request to cause the appliance to make requests to unintended locations.
Active exploitation has been observed in the wild.