CVE-2026-3468

MEDIUM 4.8

CVSS Score

4.8

EPSS Score

0.0%

EPSS Percentile

0th

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

CWE	CWE-79
Vendor	sonicwall
Product	email security
Published	Mar 31, 2026
Last Updated	Mar 31, 2026

Stay Ahead of the Next One

Get instant alerts for sonicwall email security

Be the first to know when new medium vulnerabilities affecting sonicwall email security are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

SonicWall / Email Security

10.0.34.8215 and earlier versions 10.0.34.8223 and earlier versions

References

NVD ↗ CVE.org ↗ EPSS Data ↗

psirt.global.sonicwall.com: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002

Credits

Brian Mariani of DigitalCanion SA - www.digitalcanion.com