SonicWall has confirmed that two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 appliances are being actively exploited. One of these vulnerabilities, tracked as CVE-2026-15409 with a CVSS score of 10.0, allows for server-side request forgery and enables arbitrary command execution. The company's Product Security Incident Response Team (PSIRT) internally discovered and reported these flaws, prompting an investigation into multiple incidents of exploitation in the wild. The active exploitation of these vulnerabilities expands the attack surface, with CVE-2026-15409 posing a significant threat due to its high CVSS score1. This disclosure serves as a warning to organizations using SMA 1000 appliances to prioritize their exposure and take immediate action to mitigate these vulnerabilities, as the exploitation of these flaws can have severe consequences, so practitioners should reassess their security posture to prevent potential breaches.
SonicWall warns of active exploitation of two SMA 1000 zero-days
⚠️ Critical Alert
Why This Matters
CVE-2026-15409 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, July 15). SonicWall warns of active exploitation of two SMA 1000 zero-days. *SecurityAffairs*. https://securityaffairs.com/195364/hacking/sonicwall-warns-of-active-exploitation-of-two-sma-1000-zero-days.html
Original Source
SecurityAffairs
Read original →