Back to advisories

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two zero-day vulnerabilities in SonicWall SMA 1000 appliances are actively exploited in the wild. CVE-2026-15409 is an SSRF flaw, while CVE-2026-15410 allows unauthenticated attackers to execute arbitrary commands as admin. Organizations using these devices face immediate risk of full appliance compromise and lateral network movement.

CRITICALAdvisoryJul 17, 2026
Action required
Identify all SonicWall SMA 1000 series appliances in your environment and apply available patches immediately. If patches are unavailable, isolate affected devices or restrict network access until patched.
Affected products
Secure Mobile Access (SMA) 1000 seriesSonicWallAppliance Management Console (AMC)Known Exploited Vulnerabilities (KEV) catalogCISA