All incidents

CISA adds SonicWall SMA1000 code injection flaw (CVE-2026-15410) to KEV catalog

vulnerabilityopenJul 14, 2026 — Jul 14, 2026

CISA has placed a newly discovered code injection flaw in SonicWall SMA1000 appliances on its Known Exploited Vulnerabilities catalogue after confirming active exploitation in the wild. The vulnerability, tracked as CVE-2026-15410, allows a remote attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system, as detailed in SonicWall's advisory.

CVE-2026-15410 carries a CVSS score of 7.2, rating it as high severity. The flaw resides in the management interface of the SMA1000 series where insufficient input validation permits injection of shell commands. Exploitation requires the attacker to already hold an active administrator session, after which crafted requests can trigger arbitrary OS execution.

Intelligence briefing updated Jul 14, 2026

CVE-2026-15410 7.2 KEV
Root sourcepsirt.global.sonicwall.com
Timeline Coverage

Swipe to explore timeline