www.darkreading.com 7/17/2026, 9:01:57 PM · external

SonicWall CVE-2026-15409 flaw lets ransomware group hijack VPNs

SonicWall CVE-2026-15409 flaw lets ransomware group hijack VPNs
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available
Threat Actor
Inc ransomware

ON July 14, 2026, SonicWall disclosed two zero-day vulnerabilities in its Secure Mobile Access (SMA) appliances, CVE-2026-15409 and CVE-2026-15410. These vulnerabilities can be exploited by attackers to gain remote code execution (RCE) and elevate their access to root-level control. The vulnerabilities are actively being exploited by the Inc ransomware group, allowing them to infiltrate enterprise networks, steal credentials, and prepare for ransomware deployment.

CVE-2026-15409 is a server-side request forgery (SSRF) flaw that scores a maximum of 10 in severity, while CVE-2026-15410 is a code injection vulnerability scoring 7.2. SonicWall has issued a hotfix for these vulnerabilities and has encouraged customers to implement it promptly, highlighting the importance of swift action against potential security breaches.

View Primary Source Via www.darkreading.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline