Skip to main content

Sma1000 CVE-2026-15409

| EUVDEUVD-2026-44404 CRITICAL
Server-Side Request Forgery (SSRF) (CWE-918)
2026-07-14 sonicwall GHSA-35rc-2vcv-r6q5
10.0
CVSS 3.1 · Vendor: sonicwall
Share

Severity by source

Vendor (sonicwall) PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
ENISA EUVD
CRITICAL
qualitative

Primary rating from Vendor (sonicwall).

CVSS VectorVendor: sonicwall

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Jul 14, 2026 - 23:20 CISA
CVE Published
Jul 14, 2026 - 19:39 cve.org
CRITICAL 10.0

DescriptionCVE.org

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Analysis

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy