SonicWall has issued an urgent advisory regarding two critical zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances. These vulnerabilities, identified as CVE-2026-15409 and CVE-2026-15410, are currently being actively exploited in the wild, posing significant risks to organizations utilizing these devices.
Details of the Vulnerabilities
The first vulnerability, CVE-2026-15409, is a server-side request forgery (SSRF) flaw with a CVSS score of 10.0, indicating critical severity. This vulnerability allows an unauthenticated remote attacker to manipulate the appliance into making unintended requests, potentially leading to unauthorized access to internal resources. The second vulnerability, CVE-2026-15410, is a code injection issue with a CVSS score of 7.2. It enables an authenticated administrator to execute arbitrary operating system commands, which could result in full system compromise.
Affected Products and Versions
The vulnerabilities impact the following SMA 1000 series models: 6210, 7210, and 8200v. Specifically, the affected firmware versions include 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800. Notably, these vulnerabilities do not affect SSL-VPN functionalities on SonicWall firewalls or the SMA 100 series product line.
Recommended Actions
SonicWall has released patches to address these vulnerabilities. Users and administrators are strongly advised to update their SMA 1000 appliances to platform-hotfix versions 12.4.3-03453 or 12.5.0-02835, or later releases, immediately. Delaying these updates could leave systems vulnerable to ongoing exploitation attempts.
In addition to applying the patches, organizations should review their systems for any signs of compromise. This includes monitoring logs for unusual activity and ensuring that access controls are properly configured to prevent unauthorized access.
These vulnerabilities underscore the critical importance of maintaining up-to-date security measures and promptly applying patches to mitigate potential threats. Organizations should remain vigilant and proactive in their cybersecurity practices to protect against such exploits.