SonicWall SMA1000 CVE-2026-4112

EUVD-2026-20902 · HIGH
SQL Injection (CWE-89)
2026-04-09 sonicwall GHSA-rh6r-h796-j349
7.2
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (5 events)

Analysis Generated: May 10, 2026 - 14:22 (vuln.today)
CVSS changed: May 10, 2026 - 14:22 (NVD), 7.2 (HIGH)
EUVD ID Assigned: Apr 09, 2026 - 15:00 (euvd), EUVD-2026-20902
CVE Published: Apr 09, 2026 - 14:22 (nvd), N/A
CVE Published: Apr 09, 2026 - 14:22 (nvd), HIGH 7.2

Description (CVE.org)

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Analysis (AI)

SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privileges to escalate to primary administrator access through SQL injection vectors. The vulnerability affects SMA1000 versions 12.4.3-03245 and earlier, and 12.5.0-02283 and earlier. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain read-only admin credentials
Delivery: Access SMA1000 web interface
Exploit: Inject SQL payload in admin function
Execution: Modify privilege tables via SQL
Persist: Escalate to primary administrator
Impact: Full appliance control

Vulnerability Assessment (AI)

Exploitation: Attacker must possess valid read-only administrator credentials for the SMA1000 appliance - the CVSS vector PR:H (high privileges required) confirms authenticated access is mandatory. …
Risk Assessment: Risk prioritization requires balancing multiple signals that present a nuanced picture. …
Exploit Scenario: An attacker who has obtained read-only administrator credentials through phishing, credential stuffing, or insider access logs into the SMA1000 web management interface. They identify input fields in administrative functions that accept SQL commands and craft malicious SQL payloads designed to manipulate database queries. …
Remediation: Upgrade SMA1000 appliances to patched platform-hotfix versions released by SonicWall, available through the vendor's Product Security Incident Response Team (PSIRT) portal at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003. …

Recommended Action (AI)

Within 24 hours: inventory all SonicWall SMA1000 appliances and document current firmware versions to identify affected systems. …

CVE-2025-23008 HIGH
7.2 Apr 10

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low

CVE-2025-23010 HIGH
7.2 Apr 10

An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and

CVE-2025-23009 HIGH
7.2 Apr 10

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attac

CVE-2026-4113 HIGH
7.2 Apr 09

SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials throu

CVE-2026-4116 HIGH
7.2 Apr 09

Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to c

CVE-2026-4114 MEDIUM
6.6 Apr 09

Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authenti

CVE-2025-32817 MEDIUM
6.1 Apr 16

A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this r

CVE-2026-3468 MEDIUM
4.8 Mar 31

Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arb

CVE-2026-3470 LOW
3.8 Mar 31

Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin use

CVE-2026-3469 LOW
2.7 Mar 31

SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administr

CVE-2025-40604 CRITICAL
9.8 Nov 20

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem i

CVE-2024-12802 CRITICAL
9.1 Jan 09

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal
