๐Ÿ” CVE Alert

CVE-2026-15410

HIGH 7.2 โš ๏ธ CISA KEV
CVSS Score
7.2
EPSS Score
1.6%
EPSS Percentile
74th

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

CWE CWE-94
Vendor sonicwall
Product sma1000
Published Jul 14, 2026
Last Updated Jul 16, 2026
โš ๏ธ Actively Exploited โ€” Act Now

Get instant alerts for sonicwall sma1000

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-15410.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

SonicWall / SMA1000
12.4.3-03245 โ‰ค 12.4.3-03434 12.5.0-02283 โ‰ค 12.5.0-02800

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
psirt.global.sonicwall.com: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-15410

Credits

Adam Babis of SonicWall PSIRT