ON July 14, 2026, SonicWall disclosed two critical vulnerabilities affecting its SMA1000 Series remote access appliances: CVE-2026-15409 (server-side request forgery, CVSS 10.0) and CVE-2026-15410 (code injection). Both vulnerabilities allow unauthenticated attackers to exploit these appliances, leading to unauthorized access and potential remote code execution. Rapid7’s Managed Detection and Response team identified active exploitation of these vulnerabilities before SonicWall's disclosure.
Organizations are urged to apply the latest hotfixes immediately and conduct forensic reviews to detect indicators of compromise, as these vulnerabilities are already being actively exploited in the field. SonicWall advises comprehensive remediation strategies, including re-imaging appliances if necessary.