13
CVEs
2
Critical
6
High
0
KEV
0
PoC
8
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
2
HIGH
6
MEDIUM
3
LOW
2
Monthly CVE Trend
Affected Products (6)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-23008 | An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.2 | 0.1% | 36 |
No patch
|
| CVE-2026-4112 | SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privileges to escalate to primary administrator access through SQL injection vectors. The vulnerability affects SMA1000 versions 12.4.3-03245 and earlier, and 12.5.0-02283 and earlier. While CVSS scores this 7.2 (High) with network-based attack vector and low complexity, real-world exploitation risk appears moderate: EPSS probability is low at 0.06% (17th percentile), CISA SSVC indicates no active exploitation and the attack is not automatable, and the high privilege requirement (existing administrative credentials) significantly limits attacker pool. | HIGH | 7.2 | 0.1% | 36 |
No patch
|
| CVE-2025-23010 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.2 | 0.1% | 36 |
No patch
|
| CVE-2025-23009 | A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-4113 | SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials through observable timing or response differences. Affects SMA1000 versions 12.4.3-03245 and earlier, plus 12.5.0-02283 and earlier. While CVSS rates this 7.2 High, real-world risk is moderate: exploitation requires existing high-privilege access (PR:H), EPSS shows only 0.04% probability (11th percentile), and no active exploitation or public POC identified at time of analysis. The vulnerability enables credential harvesting for subsequent lateral movement attacks. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-4116 | Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to circumvent TOTP requirements via Unicode encoding manipulation. Affects SMA1000 versions 12.5.0-02283 and 12.4.3-03245 and earlier. Requires high-privilege (PR:H) authenticated access but enables complete authentication bypass (CVSS 7.2). Low EPSS score (0.03%, 10th percentile) indicates minimal observed exploitation likelihood. No public exploit code identified at time of analysis. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2026-4114 | Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authentication via improper handling of Unicode encoding, allowing high-privileged attackers to achieve authentication bypass on affected appliances. CVSS 6.6 reflects high-privileged requirement (PR:H) and high attack complexity (AC:H), limiting real-world exploitation despite total technical impact. EPSS score of 0.03% (10th percentile) indicates this vulnerability is unlikely to be exploited in widespread automated attacks, suggesting it requires specific attacker knowledge of Unicode encoding techniques and admin-level access. | MEDIUM | 6.6 | 0.0% | 33 |
No patch
|
| CVE-2025-32817 | A Improper Link Resolution vulnerability (CWE-59) in the SonicWall Connect Tunnel Windows (32 and 64 bit) client, this results in unauthorized file overwrite, potentially leading to denial of service. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 6.1 | 0.1% | 31 |
No patch
|
| CVE-2026-3468 | Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arbitrary JavaScript code through improper input sanitization during web page generation. The vulnerability affects all versions of SonicWall Email Security appliance and requires admin-level authentication to exploit, limiting immediate exposure but posing significant risk to organizations where admin accounts are compromised or insider threats exist. | MEDIUM | 4.8 | 0.0% | 24 |
No patch
|
| CVE-2026-3470 | Database corruption in SonicWall Email Security appliance via improper input sanitization allows authenticated admin users to corrupt the application database by submitting crafted input. The vulnerability requires valid administrative credentials and affects all versions of SonicWall Email Security as indicated by the CPE wildcard matching. No CVSS scoring, public exploit code, or CISA KEV status is available at this time, limiting precise risk quantification. | LOW | 3.8 | 0.1% | 19 |
No patch
|
| CVE-2026-3469 | SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administrator submits malformed input, causing a denial of service. The vulnerability affects all versions of SonicWall Email Security and requires valid admin credentials to exploit. While CVSS scoring is unavailable, the attack vector is remote and authenticated, limiting exposure to insider threats or compromised admin accounts. | LOW | 2.7 | 0.1% | 14 |
No patch
|
| CVE-2024-12802 | SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.1 | 0.1% | – |
No patch
|
| CVE-2025-40604 | Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.0% | – |
No patch
|