Severity by source
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
Analysis (AI)
SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privileges to escalate to primary administrator access through SQL injection vectors. The vulnerability affects SMA1000 versions 12.4.3-03245 and earlier, and 12.5.0-02283 and earlier. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | The attacker must possess valid read-only administrator credentials for the SMA1000 appliance; the CVSS vector PR:H (high privileges required) confirms that authenticated access is mandatory. … |
| Risk Assessment | Risk prioritization requires balancing multiple signals that present a nuanced picture. … |
| Exploit Scenario | An attacker who has obtained read-only administrator credentials through phishing, credential stuffing, or insider access logs into the SMA1000 web management interface. They identify input fields in administrative functions whose values are used to build SQL queries and craft malicious SQL payloads designed to manipulate those queries. … |
| Remediation | Upgrade SMA1000 appliances to the patched platform-hotfix versions released by SonicWall, available through the vendor's Product Security Incident Response Team (PSIRT) portal at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003. … |
Recommended Action (AI)
Within 24 hours: inventory all SonicWall SMA1000 appliances and document current firmware versions to identify affected systems. …
- An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low
- An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and
- A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attac
- SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials throu
- Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to c
- Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authenti
- An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this r
- Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arb
- Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin use
- SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administr
- Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem i
- SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal
Same weakness: CWE-89 – SQL Injection
EUVD-2026-20902
GHSA-rh6r-h796-j349