Critical SonicWall SMA zero-days under active attack; users told to re-image compromised devices
By
Mr Bagel
SonicWall has warned that two zero-day vulnerabilities affecting its Secure Mobile Access (SMA) 1000 series appliances are being actively exploited in the wild. The company has released firmware updates and is urging organizations to immediately check for signs of compromise and take remedial action, according to Help Net Security.
Among the two flaws is CVE-2026-15409, a server-side request forgery (SSRF) vulnerability that carries the maximum CVSS score of 10.0, as reported by The Hacker News. The second vulnerability, CVE-2026-15410, was not detailed but The Hacker News noted that one of the two could be exploited to achieve arbitrary command execution on affected devices.
"one of which could be exploited to achieve arbitrary command execution."
This level of access would allow an attacker to run administrative commands on the SMA appliance, potentially compromising the entire network segment it serves. The critical severity of the flaws underscores the urgency for users to apply the patch.
SonicWall has provided detailed indicators of compromise for administrators to check their systems. If those indicators are found, the company instructs a more drastic response.
"If the outlined indicators of compromise are present on the system, the company advises re-imaging (hardware) or re-deploying (virtual) appliances, changing user and administrator passwords, and resetting TOTP tokens."
This guidance goes beyond a simple software update, emphasizing that a full system wipe and credential rotation may be necessary to eradicate any foothold attackers have gained. Help Net Security further reported that the company is urging customers to upgrade to the fixed firmware version and search for evidence of potential compromise as a first step.
The reporting
2 outlets covered this story. Each links to the original.
Baker's Take
Comments
Sign in to join the conversation.
No comments yet. Be the first.