SonicWall SMA1000 Flaws CVE-2026-15409 and CVE-2026-15410 Face Active Exploitation
Updated
Updated · hkcert.org · Jul 15
SonicWall SMA1000 Flaws CVE-2026-15409 and CVE-2026-15410 Face Active Exploitation
3 articles · Updated · hkcert.org · Jul 15
Summary
Two SonicWall SMA1000 vulnerabilities — CVE-2026-15409 and CVE-2026-15410 — are being exploited in the wild, with authorities rating the threat to the appliances as high risk.
CVE-2026-15409 is an unauthenticated server-side request forgery flaw that can force an appliance to send requests to unintended locations, while CVE-2026-15410 is a post-authentication code-injection bug in the AMC console.
That second flaw can let a remote authenticated administrator execute arbitrary OS commands, and the combined impact listed for the vulnerabilities includes remote code execution and security restriction bypass.
Affected products include SMA1000 models 6210, 7210 and 8200v on specified 12.4.3 and 12.5.0 releases, with users urged to apply vendor-issued fixes.