Home / Jul 16, 2026 / Story
0
#2 The Hacker News general July 15, 2026 at 05:30 UTC

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

By [email protected] (The Hacker News)

AI Summary

SonicWall disclosed two actively exploited zero-days in its SMA 1000 series appliances: CVE-2026-15409 (CVSS 10.0), a server-side request forgery flaw enabling unauthenticated remote command execution, and CVE-2026-15410. Researchers note the vulnerabilities were chained together and were exploited roughly three weeks before SonicWall disclosed and patched them, meaning defenders had no window to respond. SMA 1000 appliances are widely deployed as enterprise remote access gateways.

Relevance score: 93.0/100

# More from July 16