- CVEs: 8
- Critical: 1
- High: 3
- KEV: 0
- PoC: 0
- Unpatched C/H: 4
- Patch Rate: 0.0%
- Avg EPSS: 0.1%

Severity Breakdown

- CRITICAL: 1
- HIGH: 3
- MEDIUM: 2
- LOW: 2
Monthly CVE Trend
Affected Products (6)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-4112 | SQL injection in SonicWall SMA1000 series appliances allows authenticated attackers with read-only administrator privileges to escalate to primary administrator access through SQL injection vectors. The vulnerability affects SMA1000 versions 12.4.3-03245 and earlier, and 12.5.0-02283 and earlier. While CVSS scores this 7.2 (High) with a network-based attack vector and low complexity, real-world exploitation risk appears moderate: EPSS probability is low at 0.06% (17th percentile), CISA SSVC indicates no active exploitation and the attack is not automatable, and the high privilege requirement (existing administrative credentials) significantly limits the attacker pool. | HIGH | 7.2 | 0.1% | 36 | No patch |
| CVE-2026-4113 | SonicWall SMA1000 SSL VPN appliances allow remote authenticated administrators to enumerate valid user credentials through observable timing or response differences. Affects SMA1000 versions 12.4.3-03245 and earlier, plus 12.5.0-02283 and earlier. While CVSS rates this 7.2 High, real-world risk is moderate: exploitation requires existing high-privilege access (PR:H), EPSS shows only 0.04% probability (11th percentile), and no active exploitation or public PoC was identified at time of analysis. The vulnerability enables credential harvesting for subsequent lateral movement attacks. | HIGH | 7.2 | 0.0% | 36 | No patch |
| CVE-2026-4116 | Two-factor authentication bypass in SonicWall SMA1000 SSL-VPN allows remote attackers with valid SSLVPN credentials to circumvent TOTP requirements via Unicode encoding manipulation. Affects SMA1000 versions 12.5.0-02283 and 12.4.3-03245 and earlier. Requires high-privilege (PR:H) authenticated access but enables complete authentication bypass (CVSS 7.2). Low EPSS score (0.03%, 10th percentile) indicates minimal observed exploitation likelihood. No public exploit code identified at time of analysis. | HIGH | 7.2 | 0.0% | 36 | No patch |
| CVE-2026-4114 | Remote authenticated SonicWall SMA1000 SSLVPN administrators can bypass AMC TOTP (Time-based One-Time Password) authentication via improper handling of Unicode encoding, allowing high-privileged attackers to achieve authentication bypass on affected appliances. CVSS 6.6 reflects the high-privilege requirement (PR:H) and high attack complexity (AC:H), limiting real-world exploitation despite total technical impact. EPSS score of 0.03% (10th percentile) indicates this vulnerability is unlikely to be exploited in widespread automated attacks, suggesting it requires specific attacker knowledge of Unicode encoding techniques and admin-level access. | MEDIUM | 6.6 | 0.0% | 33 | No patch |
| CVE-2026-3468 | Stored Cross-Site Scripting (XSS) in SonicWall Email Security allows authenticated admin users to inject and execute arbitrary JavaScript code through improper input sanitization during web page generation. The vulnerability affects all versions of the SonicWall Email Security appliance and requires admin-level authentication to exploit, limiting immediate exposure but posing significant risk to organizations where admin accounts are compromised or insider threats exist. | MEDIUM | 4.8 | 0.0% | 24 | No patch |
| CVE-2026-3470 | Database corruption in the SonicWall Email Security appliance via improper input sanitization allows authenticated admin users to corrupt the application database by submitting crafted input. The vulnerability requires valid administrative credentials and affects all versions of SonicWall Email Security, as indicated by the CPE wildcard matching. No CVSS scoring, public exploit code, or CISA KEV status is available at this time, limiting precise risk quantification. | LOW | 3.8 | 0.1% | 19 | No patch |
| CVE-2026-3469 | The SonicWall Email Security appliance becomes unresponsive due to improper input validation when an authenticated administrator submits malformed input, causing a denial of service. The vulnerability affects all versions of SonicWall Email Security and requires valid admin credentials to exploit. While CVSS scoring is unavailable, the attack vector is remote and authenticated, limiting exposure to insider threats or compromised admin accounts. | LOW | 2.7 | 0.1% | 14 | No patch |
| CVE-2025-40604 | Download of Code Without Integrity Check vulnerability in the SonicWall Email Security appliance: root filesystem images are loaded without signature verification, allowing attackers with VMDK or datastore. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with no authentication required and low attack complexity. No vendor patch available. | CRITICAL | 9.8 | 0.0% | – | No patch |