securityaffairs.com 7/15/2026, 11:36:45 AM · external

CISA Flags SonicWall SMA1000 and Microsoft Flaws in KEV Catalog

CISA Flags SonicWall SMA1000 and Microsoft Flaws in KEV Catalog
CyberSIXT Evidence Panel

THE U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities from SonicWall and Microsoft to its Known Exploited Vulnerabilities catalog. Notably, SonicWall's SMA1000 appliances have two critical flaws: CVE-2026-15409 (a Server-Side Request Forgery vulnerability) and CVE-2026-15410 (a post-authentication code injection vulnerability). These vulnerabilities are currently being actively exploited.

Additionally, Microsoft has added two vulnerabilities related to Active Directory and SharePoint. CISA requires federal agencies to address these vulnerabilities by specific deadlines, with a recommendation for private organizations to also remediate these issues.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline