SONICWALL has issued an urgent update for its SMA1000 secure remote access appliances due to two critical zero-day vulnerabilities: CVE-2026-15409, a server-side request forgery (SSRF) exploit, and CVE-2026-15410, a code injection issue. These vulnerabilities affect versions 6210, 7210, and 8200v of these appliances, prompting users to apply hotfixes 12.4.3-03453 or 12.5.0-02835. Both vulnerabilities have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, highlighting their active exploitation.
SonicWall has collaborated with Volexity during the investigation, but additional details about the attackers remain unclear.