[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2gtKJmEZzA2eei5i1qrYfSdHHAbYhe9PLGZFzQfqmAs":3},{"article":4,"iocs":44},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":26,"category":27,"article_tags":31},"0c6f738d-11f6-4e4b-9a71-fe668ff90fcb","SonicWall Urges Immediate Patching of Firewall Vulnerabilities","sonicwall-urges-immediate-patching-of-firewall-vulnerabilities-6471fc","The bugs could be exploited to bypass security controls, access restricted services, and crash firewalls. The post SonicWall Urges Immediate Patching of Firewall Vulnerabilities appeared first on SecurityWeek.","SonicWall released firmware updates addressing three vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. CVE-2026-0204 is a high-severity access control bypass allowing attackers to modify configurations; CVE-2026-0205 is a path traversal flaw; and CVE-2026-0206 enables remote denial of service. The company urges immediate patching or temporary mitigation via SSH-only management access.","SonicWall patches three firewall vulnerabilities including high-severity access control bypass.","SonicWall on Wednesday rolled out fixes for three SonicOS vulnerabilities, urging customers to immediately patch their Gen 6, Gen 7, and Gen 8 firewalls. “These vulnerabilities require immediate firmware updates to maintain security posture. One CVE is rated high severity, and two are rated medium severity,” the company warned. The high-severity flaw, tracked as CVE-2026-0204, allows attackers to bypass access controls and access certain management interface functions, SonicWall notes in an advisory. An attacker with access to the management interface could potentially modify firewall configurations and disable security protections. Tracked as CVE-2026-0205, the first medium-severity issue is a path traversal weakness that could be exploited to interact with restricted services. The second medium-severity defect, tracked as CVE-2026-0206, allows remote attackers to crash vulnerable firewalls, the company says.Advertisement. Scroll to continue reading. Both medium-severity vulnerabilities require authentication for successful exploitation. The three vulnerabilities impact dozens of firewalls running firmware versions up to 6.5.5.1-6n, 7.0.1-5169, 7.3.1-7013, and 8.1.0-8017. Fixes were included in firmware releases 6.5.5.2-28n, 7.3.2-7010, and 8.2.0-8009, and customers are advised to update their appliances as soon as possible, or to restrict management access to SSH only until patching is possible, by disabling HTTP\u002FHTTPS-based management and SSLVPN on all interfaces. “Applying the patched firmware as soon as possible is strongly recommended,” SonicWall notes, underlining that management access restrictions are temporary mitigations. The company makes no mention of any of these security defects being exploited in the wild. Related: Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months Related: Robinhood Vulnerability Exploited for Phishing Attacks Related: Splunk Enterprise Update Patches Code Execution Vulnerability Related: Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Fresh LiteLLM Vulnerability Exploited Shortly After DisclosureCheckmarx Confirms Data Stolen in Supply Chain AttackIranian Cyber Group Handala Targets US Troops in BahrainChrome 147, Firefox 150 Security Updates Rolling OutAlleged Chinese State Hacker Extradited to USDozens of Open VSX Extension Clones Linked to GlassWorm MalwareNo Patch for New PhantomRPC Privilege Escalation Technique in WindowsSpectrum Security Emerges From Stealth Mode With $19 Million Latest News Anthropic Unveils Claude Security to Counter AI-Powered Exploit SurgeAI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to HoursSAP NPM Packages Targeted in Supply Chain AttackCritical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain AttacksEnOcean SmartServer Flaws Expose Buildings to Remote HackingCritical cPanel & WHM Vulnerability Exploited as Zero-Day for Months‘Copy Fail’ Logic Flaw in Linux Kernel Enables System TakeoverSandhills Medical Says Ransomware Breach Affects 170,000 Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With \"Shadow AI\" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveAutoNation has appointed Brian Fricke as Chief Information Security Officer.Varun Kohli has joined GetReal Security as Chief Marketing Officer.MongoDB has appointed Doug Bowers as Chief Information Security Officer.More People On The MoveExpert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email","https:\u002F\u002Fwww.securityweek.com\u002Fsonicwall-urges-immediate-patching-of-firewall-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F08\u002FSonicWall.jpg","2026-04-30T14:52:20+00:00","2026-04-30T16:00:31.983698+00:00",8,[18,21,24],{"name":19,"type":20},"SonicWall","vendor",{"name":22,"type":23},"SonicOS","product",{"name":25,"type":23},"SonicWall Firewall (Gen 6\u002F7\u002F8)","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":26,"icon":28,"name":29,"slug":30},null,"Vulnerabilities","vulnerabilities",[32,37,39],{"category":33},{"id":34,"icon":28,"name":35,"slug":36},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",{"category":38},{"id":26,"icon":28,"name":29,"slug":30},{"category":40},{"id":41,"icon":28,"name":42,"slug":43},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",[45,49,52],{"type":46,"value":47,"context":48},"cve","CVE-2026-0204","High-severity SonicOS access control bypass allowing management interface exploitation",{"type":46,"value":50,"context":51},"CVE-2026-0205","Medium-severity path traversal vulnerability in SonicOS requiring authentication",{"type":46,"value":53,"context":54},"CVE-2026-0206","Medium-severity SonicOS remote denial of service vulnerability requiring authentication"]