SonicWall is urging customers to immediately patch SMA1000 secure remote access appliances after confirming active exploitation of two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410. The issues affect SMA1000 versions 6210, 7210, and 8200v, and organizations are advised to update to hotfix releases 12.4.3-03453 or 12.5.0-02835, with CISA also adding both flaws to its KEV catalog. #SonicWall #SMA1000 #CVE-2026-15409 #CVE-2026-15410 #CISA #Volexity
Keypoints
- SonicWall warns that SMA1000 appliances are under active zero-day exploitation.
- The affected vulnerabilities are CVE-2026-15409 and CVE-2026-15410.
- CVE-2026-15409 is a critical SSRF flaw in the Appliance Work Place interface.
- CVE-2026-15410 is a high-severity code injection flaw in the Appliance Management Console.
- Customers should install hotfix releases 12.4.3-03453 or 12.5.0-02835 immediately.
Read More: https://www.securityweek.com/sonicwall-issues-urgent-sma-patch-warning-for-two-zero-day-exploits/