Lisbon · Wednesday, 15 Jul 2026 NB Edition · Nº 081
← Back to news
Cibersegurança · SonicWall NB-L081

Two flaws in SonicWall remote-access appliances are already being exploited, and the worst needs no password

SonicWall confirmed active exploitation of two flaws in its SMA 1000 remote-access appliances. The worst scores a perfect 10.0 and needs no password. A fix is out, and CISA set a deadline for federal agencies.

Two flaws in SonicWall remote-access appliances are already being exploited, and the worst needs no password
FIG. NB-L081 · Cibersegurança · SonicWall

SonicWall, a maker of network security appliances, issued an urgent advisory on 14 July 2026 about two vulnerabilities in its SMA 1000 series remote-access appliances, and confirmed that both are already being exploited by attackers. They are known as zero-day flaws, because the attacks began before a fix was available. These devices give employees secure access to the company network from outside, and that is exactly what makes them a prized target, sitting at the doorway to internal systems.

The more serious of the two, tracked as CVE-2026-15409, received the maximum risk score, 10.0 out of 10 on the CVSS scale (the standard index that measures how severe a flaw is). It is a server-side request forgery (SSRF), a technique that tricks the appliance itself into making requests to unintended destinations, and, unlike the second flaw, it requires no password to abuse.

The second, CVE-2026-15410, scores 7.2 and requires the attacker to be already authenticated with administrator privileges. In that scenario, it allows arbitrary commands to be run on the appliance's operating system, in effect taking it over.

Who is affected, and the fix

According to SonicWall's advisory (reference SNWLID-2026-0008), the flaws affect models 6210, 7210 and 8200v of the SMA 1000 series. The company stresses that SonicWall firewalls and the SMA 100 series are not affected. A fix is already available, in firmware versions (the device's internal software) 12.4.3-03453 and 12.5.0-02835, or higher, offered on the mysonicwall.com portal. Anyone running these appliances should update urgently and, given the active exploitation, look for signs of intrusion in the logs before assuming they are safe.

Pressure from regulators

The severity was recognised beyond the vendor. CISA, the United States government's cybersecurity agency, added both flaws to its catalogue of actively exploited vulnerabilities on 14 July 2026, and gave federal agencies until 17 July to fix them, a three-day window that signals the urgency. The discovery is credited to Adam Babis of SonicWall's security team, with a contribution from the research firm Volexity.

One piece of context helps to size the risk. These are enterprise appliances, not consumer devices, so the problem does not reach the ordinary citizen's phone or computer directly. But remote-access appliances have become a recurring target precisely because they sit at the edge of the network, and one flaw exploited on such a device can open the door to the whole organisation it was meant to protect. As long as there are companies yet to patch, the window of attack stays open.

Sources: SonicWall PSIRT, The Hacker News.

#StaySafe
🙏🖖

Keep reading

More stories

See all →
Finding a hole in the software you rely on now costs an attacker 17 cents
Cibersegurança · Inteligência Artificial

Finding a hole in the software you rely on now costs an attacker 17 cents

A free, open-weight Chinese AI model found flaws in code better than Anthropic's flagship, at about 17 cents each. No ex...

4 MIN · 4 Jul 2026 · NB-L066
All it took was a doctor's click to hand over the key to your medical scans
Cibersegurança · Saúde

All it took was a doctor's click to hand over the key to your medical scans

A flaw in OHIF, the medical image viewer hospitals use to open your scans, lets an attacker steal a doctor's access key...

4 MIN · 3 Jul 2026 · NB-L065
OpenAI launches GPT-5.5-Cyber, opening it to verified defenders to fix software flaws
Cibersegurança · IA

OpenAI launches GPT-5.5-Cyber, opening it to verified defenders to fix software flaws

On June 22, OpenAI released the full version of GPT-5.5-Cyber, a more permissive AI model for finding and fixing vulnera...

4 MIN · 27 Jun 2026 · NB-L057
Weekly · No spam

The Boletim

A weekly summary of the cybersecurity, AI and technology stories that matter — written to be read in five minutes.

Unsubscribe with one click, any week.
BRI assistant

Quer saber sobre um projeto, um serviço ou uma notícia recente? Pergunte. Conheço todo o conteúdo deste site.