THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities from SonicWall and Microsoft to its Known Exploited Vulnerabilities catalog. Notably, SonicWall's SMA1000 appliances have two critical flaws: CVE-2026-15409 (a Server-Side Request Forgery vulnerability) and CVE-2026-15410 (a post-authentication code injection vulnerability). These vulnerabilities are currently being actively exploited.
Additionally, Microsoft has added two vulnerabilities related to Active Directory and SharePoint. CISA requires federal agencies to address these vulnerabilities by specific deadlines, with a recommendation for private organizations to also remediate these issues.