A critical server-side request forgery (SSRF) vulnerability, designated as CVE-2026-15409, and a high-severity code injection vulnerability, designated as CVE-2026-15410, have been discovered in SonicWall's SMA1000 Series remote access appliances. These vulnerabilities, with a CVSS score of 10.0 for CVE-2026-15409, allow an unauthenticated attacker to establish a websocket-based tunnel to arbitrary localhost-only services and enable code injection, respectively. Successful exploitation of these vulnerabilities can have severe consequences, and customers are urged to apply the latest platform hotfix releases immediately. The disclosure of CVE-2026-15409 expands the active attack surface, making it essential for organizations to prioritize mitigation based on their exposure and exploitation evidence1. This highlights the importance of prompt patching and vigilance in protecting against zero-day exploits, particularly for organizations relying on SonicWall's SMA1000 Series appliances.
Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409, CVE-2026-15410)
⚠️ Critical Alert
Why This Matters
CVE-2026-15409 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- Rapid7. (2026, July 15). Rapid7 MDR Team Discovers New SonicWall SMA1000 Zero Days being Actively Exploited (CVE-2026-15409, CVE-2026-15410). *Rapid7 Blog*. https://www.rapid7.com/blog/post/etr-rapid7-mdr-team-discovers-new-sonicwall-sma1000-zero-days-being-actively-exploited-cve-2026-15409-cve-2026-15410
Original Source
Rapid7 Blog
Read original →