SONICWALL has released urgent firmware updates to fix three SonicOS vulnerabilities in Gen 6, Gen 7, and Gen 8 firewalls, with attackers potentially bypassing security controls, accessing restricted services, or crashing devices. The most severe flaw is CVE-2026-0204 (CVSS 8.0), an improper access control issue, while CVE-2026-0205 (CVSS 6.8) and CVE-2026-0206 (CVSS 6.8) are a post-authentication path traversal and a stack-based buffer overflow, respectively.
The flaws affect appliances running firmware up to 6.5.5[.]1-6n, 7.0.1-5169, 7.3.1-7013, and 8.1.0-8017, with updates addressing 6.5.5[.]2-28n, 7.3.2-7010, and 8.2.0-8009. SonicWall PSIRT recommends updating immediately and, until patches are applied, restricting management access to SSH by disabling HTTP/HTTPS management and SSLVPN on all interfaces. There is currently no evidence that the flaws have been exploited in the wild, according to SecurityAffairs, published on 1 May 2026.