SonicWall has confirmed that two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 appliances are being actively exploited. One of these vulnerabilities, tracked as CVE-2026-15409 with a CVSS score of 10.0, allows for server-side request forgery and enables arbitrary command execution. The company's Product Security Incident Response Team (PSIRT) internally discovered and reported these flaws, prompting an investigation into multiple incidents of exploitation in the wild. The active exploitation of these vulnerabilities expands the attack surface, with CVE-2026-15409 posing a significant threat due to its high CVSS score1. This disclosure serves as a warning to organizations using SMA 1000 appliances to prioritize their exposure and take immediate action to mitigate these vulnerabilities, as the exploitation of these flaws can have severe consequences, so practitioners should reassess their security posture to prevent potential breaches.