🔴 Critical  |  Source: The Hacker News


SonicWall has disclosed two actively exploited zero-day vulnerabilities in its SMA 1000 series remote access appliances. The most severe, CVE-2026-15409, carries a maximum CVSS score of 10.0 and allows unauthenticated remote attackers to execute arbitrary commands via a server-side request forgery flaw. Both vulnerabilities are already being exploited in the wild, making this an urgent patching priority for any organisation relying on SMA 1000 devices for remote access.

Security Architect’s Take: Immediately isolate or take offline any internet-facing SonicWall SMA 1000 appliances until vendor patches are applied; review access logs for anomalous unauthenticated requests indicative of SSRF exploitation, and consider whether your remote access architecture should be replaced or supplemented with zero-trust network access controls to reduce dependence on perimeter VPN appliances.

Original advisory: Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands