SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026–15409 and CVE-2026–15410, in zero-day attacks and urges customers to install the newly released security updates.
CVE-2026–15409 is a critical (CVSS 10.0) server-side request forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface that allows a remote, unauthenticated attacker to force an appliance to make requests to unintended locations.
CVE-2026–15410 is a high-severity (CVSS 7.2) post-authentication code injection flaw in the SMA1000 Appliance Management Console that could allow a remote authenticated administrator to execute arbitrary operating system commands.
