#2
The Hacker News
general
July 15, 2026 at 05:30 UTC
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
By [email protected] (The Hacker News)
AI Summary
SonicWall disclosed two actively exploited zero-days in its SMA 1000 series appliances: CVE-2026-15409 (CVSS 10.0), a server-side request forgery flaw enabling unauthenticated remote command execution, and CVE-2026-15410. Researchers note the vulnerabilities were chained together and were exploited roughly three weeks before SonicWall disclosed and patched them, meaning defenders had no window to respond. SMA 1000 appliances are widely deployed as enterprise remote access gateways.
Relevance score: 93.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →