Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Summary

SonicWall has issued a warning about two zero-day vulnerabilities being actively exploited in their SMA 1000 series appliances. One of these vulnerabilities, CVE-2026-15409, is a critical Server-side request forgery (SSRF) flaw that could allow remote, unauthenticated attackers to execute arbitrary commands.

IFF Assessment

FOE

The active exploitation of critical zero-day vulnerabilities presents a direct and immediate threat to organizations using the affected SonicWall appliances, enabling attackers to gain unauthorized access and control.

Severity

10.0 Critical

The CVSS score of 10.0 indicates a critical vulnerability. The SSRF vulnerability allows for remote, unauthenticated command execution, representing the highest level of impact and exploitability.

CISA KEV: Listed as actively exploited. Federal patch due: July 17, 2026. Known ransomware use: Unknown.

Defender Context

Defenders need to immediately assess their deployment of SonicWall SMA 1000 series appliances and apply any available patches or workarounds to mitigate the risk of exploitation. This incident highlights the ongoing threat of zero-day attacks against critical network infrastructure.

Read Full Story →