CVE-2026-15410
SonicWall · SMA1000 Appliances
SonicWall SMA1000 appliances are vulnerable to code injection, which can be exploited by an authenticated administrator to execute arbitrary code.
Executive summary
This critical code injection vulnerability in SonicWall SMA1000 appliances is currently being exploited in the wild and requires immediate remediation.
Vulnerability
The appliance suffers from an improper control of generation of code, specifically code injection (CWE-94). An attacker must have high-level administrative privileges to successfully execute this attack.
Business impact
The CVSS score of 9.5 reflects the severe risk of total system compromise. Since the vulnerability allows for code injection, an attacker could potentially gain full control over the appliance, leading to complete loss of confidentiality, integrity, and availability for the services managed by the SMA1000.
Remediation
Immediate Action: Update the affected SMA1000 appliances to the patched firmware version as specified in the SonicWall security advisory.
Proactive Monitoring: Review administrative access logs for unauthorized configuration changes or the execution of unexpected commands on the appliance.
Compensating Controls: Limit access to the administrative management interface to trusted, secure management networks only to minimize the risk of unauthorized administrative activity.
Exploitation status
Public Exploit Available: Yes, a public proof-of-concept exists on GitHub.
Analyst recommendation
Given the active exploitation and the availability of a public proof-of-concept, prompt firmware updates are essential. Administrators should treat this as a high-priority action to prevent unauthorized code execution and maintain the integrity of their network security infrastructure.