SONICWALL has issued a warning regarding the active exploitation of two zero-day vulnerabilities in its SMA 1000 appliances. The first vulnerability, CVE-2026-15409, is a critical Server-side Request Forgery (SSRF) flaw with a CVSS score of 10.0, allowing unauthenticated attackers to manipulate requests. The second, CVE-2026-15410, scored at 7.2, is a post-authentication code injection flaw enabling authenticated attackers to execute arbitrary operating system commands.
SonicWall recommends affected users upgrade to patched versions (12.4.3-03453 or 12.5.0-02835 and higher), perform forensic investigations, and monitor system logs for suspicious activity. Past vulnerabilities also affected the SMA 1000 management console, which had been previously exploited in the wild.