Sonicwall

13 CVEs vendor

Monthly

CVE-2026-4116 HIGH NEWS This Week

Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to circumvent TOTP requirements via Unicode encoding manipulation. Affects SMA1000 versions 12.5.0-02283 and 12.4.3-03245 and earlier. Requires high-privilege (PR:H) authenticated access but enables complete authentication bypass (CVSS 7.2). Low EPSS score (0.03%, 10th percentile) indicates minimal observed exploitation likelihood. No public exploit code identified at time of analysis.

Authentication Bypass Sonicwall
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4114 MEDIUM NEWS This Month

Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authentication via improper handling of Unicode encoding, allowing high-privileged attackers to achieve authentication bypass on affected appliances. CVSS 6.6 reflects high-privileged requirement (PR:H) and high attack complexity (AC:H), limiting real-world exploitation despite total technical impact. EPSS score of 0.03% (10th percentile) indicates this vulnerability is unlikely to be exploited in widespread automated attacks, suggesting it requires specific attacker knowledge of Unicode encoding techniques and admin-level access.

Authentication Bypass Sonicwall
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-4113 HIGH NEWS This Week

SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials through observable timing or response differences. Affects SMA1000 versions 12.4.3-03245 and earlier, plus 12.5.0-02283 and earlier. While CVSS rates this 7.2 High, real-world risk is moderate: exploitation requires existing high-privilege access (PR:H), EPSS shows only 0.04% probability (11th percentile), and no active exploitation or public POC identified at time of analysis. The vulnerability enables credential harvesting for subsequent lateral movement attacks.

Information Disclosure Sonicwall
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-4112 HIGH NEWS This Week

SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privileges to escalate to primary administrator access through SQL injection vectors. The vulnerability affects SMA1000 versions 12.4.3-03245 and earlier, and 12.5.0-02283 and earlier. While CVSS scores this 7.2 (High) with a network-based attack vector and low complexity, real-world exploitation risk appears moderate: EPSS probability is low at 0.06% (17th percentile), CISA SSVC indicates no active exploitation and the attack is not automatable, and the high privilege requirement (existing administrative credentials) significantly limits the attacker pool.

SQLi Sonicwall
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-3470 LOW Monitor

Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin users to corrupt the application database by submitting crafted input. The vulnerability requires valid administrative credentials and affects all versions of SonicWall Email Security as indicated by the CPE wildcard matching. No CVSS scoring, public exploit code, or CISA KEV status is available at this time, limiting precise risk quantification.

Information Disclosure Sonicwall
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2026-3469 LOW Monitor

SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administrator submits malformed input, causing a denial of service. The vulnerability affects all versions of SonicWall Email Security and requires valid admin credentials to exploit. While CVSS scoring is unavailable, the attack vector is remote and authenticated, limiting exposure to insider threats or compromised admin accounts.

Information Disclosure Sonicwall
NVD
CVSS 3.1
2.7
EPSS
0.1%
CVE-2026-3468 MEDIUM This Month

Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arbitrary JavaScript code through improper input sanitization during web page generation. The vulnerability affects all versions of SonicWall Email Security appliance and requires admin-level authentication to exploit, limiting immediate exposure but posing significant risk to organizations where admin accounts are compromised or insider threats exist.

XSS Sonicwall
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-40604 CRITICAL This Week

Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance: the appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

RCE Sonicwall Email Security Appliance 5000 Firmware Email Security Appliance 5050 Firmware Email Security Appliance 7000 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-32817 MEDIUM This Month

An Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client results in unauthorized file overwrite, potentially leading to denial of service. Rated medium severity (CVSS 6.1), this vulnerability has low attack complexity. No vendor patch available.

Windows Denial Of Service Microsoft Sonicwall
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-23010 HIGH This Week

An Improper Link Resolution Before File Access ('Link Following') vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to manipulate file paths. Rated high severity (CVSS 7.2), this vulnerability has low attack complexity. No vendor patch available.

Windows Information Disclosure Microsoft Sonicwall
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-23009 HIGH This Week

A local privilege escalation vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows an attacker to trigger an arbitrary file deletion. Rated high severity (CVSS 7.2), this vulnerability has low attack complexity. No vendor patch available.

Windows Privilege Escalation Microsoft Sonicwall
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-23008 HIGH This Week

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low-privileged attacker to modify configurations. Rated high severity (CVSS 7.2), this vulnerability has low attack complexity. No vendor patch available.

Windows Privilege Escalation Microsoft Sonicwall
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-12802 CRITICAL This Week

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Sonicwall
NVD
CVSS 3.1
9.1
EPSS
0.1%