ON July 14, 2026, SonicWall disclosed two zero-day vulnerabilities in its Secure Mobile Access (SMA) appliances, CVE-2026-15409 and CVE-2026-15410. These vulnerabilities can be exploited by attackers to gain remote code execution (RCE) and elevate their access to root-level control. The vulnerabilities are actively being exploited by the Inc ransomware group, allowing them to infiltrate enterprise networks, steal credentials, and prepare for ransomware deployment.
CVE-2026-15409 is a server-side request forgery (SSRF) flaw that scores a maximum of 10 in severity, while CVE-2026-15410 is a code injection vulnerability scoring 7.2. SonicWall has issued a hotfix for these vulnerabilities and has encouraged customers to implement it promptly, highlighting the importance of swift action against potential security breaches.