Back to Feed
VulnerabilitiesJul 15, 2026

SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits

SonicWall SMA1000 appliances targeted by two zero-day exploits, CVE-2026-15409 and CVE-2026-15410.

Summary

SonicWall has issued an urgent warning for customers to update their SMA1000 secure remote access appliances due to active exploitation of two zero-day vulnerabilities. CVE-2026-15409, a critical SSRF flaw, and CVE-2026-15410, a high-severity code injection issue, are being exploited by threat actors. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging immediate remediation.

Full text

SonicWall is urging customers to immediately update SMA1000 secure remote access appliances, which are being targeted by threat actors via two new zero-day vulnerabilities. The vulnerabilities are tracked as CVE-2026-15409 and CVE-2026-15410, and they affect SMA1000 versions 6210, 7210, and 8200v. Enterprises using these products have been instructed to update to hotfix releases 12.4.3-03453 or 12.5.0-02835. CVE-2026-15409 has been described as a critical server-side request forgery (SSRF) issue affecting the Appliance Work Place interface. It allows a remote, unauthenticated attacker to cause the targeted appliance to “make requests to unintended locations”. CVE-2026-15410 is a high-severity code injection issue affecting the Appliance Management Console (AMC), and it can allow an attacker with admin privileges to execute arbitrary OS commands. “SonicWall PSIRT has investigated multiple cases indicating the active exploitation of the vulnerabilities described in this advisory,” SonicWall said in its advisory. It’s unclear who is behind the zero-day exploitation, but the vendor has shared some IoCs to help enterprises detect potential attacks. Based on the company’s brief description, the two vulnerabilities may be chained.Advertisement. Scroll to continue reading. Volexity has been credited with assisting SonicWall’s investigation into the zero-day attacks, but the cybersecurity firm has yet to release any details. CISA added CVE-2026-15409 and CVE-2026-15410 to its Known Exploited Vulnerabilities (KEV) catalog on Tuesday, urging government agencies to address them by July 17. It’s not uncommon for threat actors, including profit-driven cybercriminals, to exploit vulnerabilities in SonicWall products. CISA’s KEV catalog currently includes 17 flaws, including ones affecting SMA1000 appliances. Related: Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days Related: Organizations Warned of Exploited Joomla Extension Vulnerabilities Related: BlueHammer Vulnerability Exploited in Ransomware Attacks Related: Exploitation of Recent Oracle E-Business Suite Vulnerability Begins Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights. More from Eduard Kovacs Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity RulesCybersecurity M&A Roundup: 37 Deals Announced in June 2026Centers Laboratory Data Breach Affects 540,000 IndividualsThird US Security Expert Sentenced to Prison for Helping Ransomware GangChina, India-Linked Hackers Both Targeted Same Pakistani Police Force‘HalluSquatting’ Turns AI Hallucinations Into Botnet Delivery MechanismPalo Alto Networks Patches 13 VulnerabilitiesMicrosoft Patches Defender ‘RoguePlanet’ Vulnerability Latest News Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-DaysSynopsys Finds No Evidence of Data Breach Amid Bosch Hack ClaimsAdobe Patches Critical ColdFusion Vulnerabilities7 Severe Vulnerabilities Patched in VMware Avi Load BalancerUnpatched Claude for Chrome Flaw Lets Extensions Read Gmail, CalendarSAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce CloudUS, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure RoutersValarian Raises $50 Million for Sovereign Infrastructure Control Layer Trending Daily Briefing NewsletterSubscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Why Email Security Keeps Failing (And What Has to Change) July 8, 2026 Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more. Register Virtual Event: 2026 Cloud Security Summit July 15, 2026 This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments. Register People on the MoveF5 has appointed Cathy Peterman as Chief People Officer.Sean Murphy has joined F5 as a Field Chief Information Security Officer - North America.CodeHunter has appointed Stephen McCarney as Chief Strategy Officer.More People On The MoveExpert Insights The Shift Toward Business-Aligned Risk Management Moving from isolated, technical data to a continuous risk lifecycle can help organizations align security controls with actual business consequences. (Steve Durbin) How to Conduct a Successful Audit of AI-Driven Software Development As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production. (Matias Madou) Frontier AI: Six Questions Every Enterprise Should Ask Security Vendors From model selection and automation to validation and measurable results, the right questions can help enterprises separate genuine AI capabilities from marketing hype. (Joshua Goldfarb) The AI Token Costs That Can Break Cybersecurity As cybersecurity platforms embrace agentic AI, organizations must balance detection performance against the escalating costs of token consumption, deployment architecture, and AI credits. (Danelle Au) When Information Becomes the Attack Surface – Understanding AI Agent Traps From hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

  • cve — CVE-2026-15409
  • cve — CVE-2026-15410

Entities

SMA1000 (product)SonicWall (vendor)Secure Remote Access (technology)Appliance Work Place (product)Appliance Management Console (product)