CISA KEV Alert 7/14/2026, 8:17:15 PM

CISA Lists SonicWall SMA1000 SSRF Flaw in KEV, Urges Patch

CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Status Unknown

CISA added CVE-2026-15409 to the KEV catalogue, identifying SonicWall’s SMA1000 Appliances as the affected product and naming the flaw SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability. The vulnerability is a server-side request forgery that could allow a remote unauthenticated attacker to cause the appliance to make requests to unintended locations.

Technically, the issue is an SSRF weakness in the SMA1000 appliance’s web interface that permits an unauthenticated remote attacker to trigger the device to issue arbitrary HTTP requests to internal or external systems. This could enable network reconnaissance, bypass of access controls, or data exfiltration. The CVSS base score is 0.0, rating the vulnerability as None, and no patch or advisory is currently published; patch status remains unknown.

Because the entry appears in the KEV catalogue, active exploitation in the wild has been confirmed. No known ransomware campaign has been linked to CVE-2026-15409 at this time. CISA has established a remediation deadline of 17 July 2026 for Federal Civilian Executive Branch agencies to apply the required mitigations.

CISA requires FCEB agencies to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

Although the directive binds FCEB agencies, all organisations should review their exposure to SonicWall SMA1000 appliances and implement any available mitigations.

For full details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-15409 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT