defense · BleepingComputer
SonicWall has disclosed two zero-day vulnerabilities in its SMA1000 Secure Mobile Access appliance that are being actively exploited by threat actors. CVE-2026-15409 is a critical server-side request forgery (CVSS 10.0) in the Workplace interface allowing unauthenticated remote attackers to force the appliance to make requests to unintended locations. CVE-2026-15410 is a high-severity post-authentication code injection flaw (CVSS 7.2) in the Management Console permitting authenticated administrators to execute arbitrary operating system commands. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running specific platform-hotfix releases. SonicWall has released patches and provided indicators of compromise to help administrators detect exploitation.
Defense contractors managing classified or controlled unclassified information (CUI) through remote access should treat this as a priority, especially if SMA1000 appliances gateway traffic for personnel with access to CMMC-regulated networks. Healthcare and fintech organizations relying on SMA1000 for secure remote administration should verify patch status immediately, as post-authentication code execution could lead to unauthorized access to systems subject to HIPAA and PCI DSS compliance. SaaS teams using SMA1000 for customer or employee VPN access should audit logs against the provided indicators of compromise and consider whether an Omniware engagement can scope forensic assessment and compensating controls during remediation.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/
Source: BleepingComputer
All briefings