CISA has placed a newly discovered code injection flaw in SonicWall SMA1000 appliances on its Known Exploited Vulnerabilities catalogue after confirming active exploitation in the wild. The vulnerability, tracked as CVE-2026-15410, allows a remote attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system, as detailed in SonicWall's advisory.
CVE-2026-15410 carries a CVSS score of 7.2, rating it as high severity. The flaw resides in the management interface of the SMA1000 series where insufficient input validation permits injection of shell commands. Exploitation requires the attacker to already hold an active administrator session, after which crafted requests can trigger arbitrary OS execution.