Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

SonicWall Warns of Active Exploitation of Two SMA 1000 Zero-Days


SonicWall has warned of the active exploitation of two SMA 1000 zero-days, including a Server-side request forgery (SSRF) issue and a post-authentication code injection flaw. Customers are strongly urged to upgrade to the latest hotfix releases as soon as possible to remediate these vulnerabilities.

  • SonicWall has issued a warning about the active exploitation of two zero-day vulnerabilities in their Secure Mobile Access (SMA) 1000 appliances.
  • The first vulnerability, CVE-2026-15409, is an SSRF issue with a CVSS score of 10.0, allowing remote unauthenticated attackers to cause unintended requests.
  • The second vulnerability, CVE-2026-15410, is a post-authentication code injection flaw with a CVSS score of 7.2, allowing remote authenticated attackers to execute arbitrary OS commands as administrator.
  • SonicWall has addressed the issue in versions 12.4.3-03453 and higher, and customers are urged to upgrade as soon as possible.
  • Another SMA 1000 vulnerability is being actively exploited, but details about this zero-day have not been disclosed by SonicWall.



  • SonicWall has issued a warning about the active exploitation of two zero-day vulnerabilities affecting their Secure Mobile Access (SMA) 1000 appliances. The company's PSIRT (Protection Services and Incident Response Team) has been investigating multiple incidents indicating that these vulnerabilities are being actively exploited in the wild.

    The first vulnerability, tracked as CVE-2026-15409, is a Server-side request forgery (SSRF) issue that allows a remote unauthenticated attacker to potentially cause the appliance to make requests to an unintended location. This vulnerability has a CVSS score of 10.0, indicating a high level of severity.

    The second vulnerability, tracked as CVE-2026-15410, is a post-authentication code injection flaw in the Appliance Management Console (AMC) that allows a remote authenticated attacker to execute arbitrary operating system commands as administrator under certain conditions. This vulnerability has a CVSS score of 7.2.

    SonicWall has addressed the issue in versions 12.4.3-03453 and higher, as well as versions 12.5.0-02835 and higher. Customers are strongly urged to upgrade to these hotfix releases as soon as possible to remediate these vulnerabilities.

    In addition to these two zero-day vulnerabilities, SonicWall has also warned about the active exploitation of another SMA 1000 vulnerability that was discovered in December last year. This vulnerability is a local privilege escalation issue due to insufficient authorization in the SonicWall SMA 1000 appliance management console (AMC). The vendor has not disclosed details about the attacks that exploited this flaw as a zero-day, nor the attackers' motivations.

    SonicWall's warning comes as part of its efforts to inform customers about potential security threats and provide them with the necessary tools to remediate these vulnerabilities. The company's PSIRT has been working closely with various stakeholders to identify and address these vulnerabilities.

    In related news, SonicWall has also urged customers to address another SMA 1000 Appliance Management Console issue that was exploited as a zero-day in attacks in the wild. This vulnerability is a local privilege escalation issue which is due to insufficient authorization in the SonicWall SMA 1000 appliance management console (AMC).

    The company's PSIRT has identified an additional IOC (Indicated by Observed Compound) for this vulnerability, and customers are strongly advised to upgrade their appliances as soon as possible.

    In other news, SonicWall has also warned about the active exploitation of another zero-day vulnerability in a Cisco IOS flaw. The U.S. CISA (Cybersecurity and Infrastructure Security Agency) has added this flaw to its Known Exploited Vulnerabilities catalog.

    Furthermore, the Dutch government has targeted FSB-linked hackers in new sanctions over cyber sabotage. The attackers were suspected of being behind an Odio hack that exposed six million customers.

    Additionally, Australia has alerted organizations to ongoing CMS exploitation attacks, and Ryuk ransomware member has pleaded guilty over attacks on U.S. organizations.

    The SonicWall warning serves as a reminder to all customers to stay vigilant and take proactive steps to secure their systems against potential security threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/SonicWall-Warns-of-Active-Exploitation-of-Two-SMA-1000-Zero-Days-ehn.shtml

  • https://securityaffairs.com/195364/hacking/sonicwall-warns-of-active-exploitation-of-two-sma-1000-zero-days.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-15409

  • https://www.cvedetails.com/cve/CVE-2026-15409/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-15410

  • https://www.cvedetails.com/cve/CVE-2026-15410/


  • Published: Wed Jul 15 05:32:56 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us