CISA Orders SonicWall SMA 1000 Fixes by July 17 Over 2 Exploited Zero-Days
Updated
Updated · The Hacker News · Jul 15
CISA Orders SonicWall SMA 1000 Fixes by July 17 Over 2 Exploited Zero-Days
3 articles · Updated · The Hacker News · Jul 15
Summary
July 17 is the deadline CISA set for federal civilian agencies after adding two SonicWall SMA 1000 flaws to its Known Exploited Vulnerabilities catalog.
SonicWall said both bugs are being actively exploited, including CVE-2026-15409, an unauthenticated SSRF flaw rated 10.0, and CVE-2026-15410, a post-authentication code-injection bug that can run administrator-level OS commands.
Patched versions are 12.4.3-03453 and 12.5.0-02835 or later, and SonicWall urged customers to check logs and configuration files for compromise indicators such as suspicious /api/login, /api/logout, or /wsproxy activity.
If those indicators appear, SonicWall advised re-imaging physical appliances or redeploying virtual ones, then changing user and administrator passwords and resetting one-time password tokens.
If patching isn't enough, are thousands of networks already compromised by these SonicWall zero-day flaws?
Did a mysterious scanning spike in May act as the opening move for this widespread SonicWall attack?
Under Attack: CISA Orders Emergency Patching of SonicWall SMA1000 Zero-Days by July 17, 2026
Overview
In July 2026, CISA issued an urgent cybersecurity mandate for federal agencies and critical infrastructure due to the active exploitation of critical SonicWall SMA1000 zero-day vulnerabilities. These flaws, CVE-2026-15409 and CVE-2026-15410, were quickly added to CISA’s Known Exploited Vulnerabilities catalog, highlighting their severe risk and the evidence of ongoing attacks. CISA set a strict patch deadline of July 17, 2026, requiring immediate action to prevent network breaches. The report details how these vulnerabilities impact specific SonicWall models and underscores the importance of rapid remediation to protect against escalating threats.