Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3DescriptionCVE.org
A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the application to become unresponsive.
AnalysisAI
SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administrator submits malformed input, causing a denial of service. The vulnerability affects all versions of SonicWall Email Security and requires valid admin credentials to exploit. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Vulnerability AssessmentAI
| Risk Assessment | This vulnerability presents moderate-to-high real-world risk despite missing CVSS scores. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An internal administrator with legitimate credentials, or an external attacker who has compromised admin credentials through phishing or credential stuffing, logs into the SonicWall Email Security appliance management interface and submits specially crafted input (such as an oversized parameter, unexpected data type, or malformed configuration change) in an admin panel field. The application's input validation routine fails to properly sanitize or reject the malicious input, causing the backend process to enter an infinite loop or crash, rendering the email security appliance unresponsive and halting all email filtering until manual restart or failover. |
| Remediation | Consult the official SonicWall advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 for the specific patched version applicable to your SonicWall Email Security deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low
SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privile
An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and
A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attac
SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials throu
Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to c
Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authenti
A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this r
Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arb
Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin use
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem i
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17642