SonicWall, a maker of network security appliances, issued an urgent advisory on 14 July 2026 about two vulnerabilities in its SMA 1000 series remote-access appliances, and confirmed that both are already being exploited by attackers. They are known as zero-day flaws, because the attacks began before a fix was available. These devices give employees secure access to the company network from outside, and that is exactly what makes them a prized target, sitting at the doorway to internal systems.
The more serious of the two, tracked as CVE-2026-15409, received the maximum risk score, 10.0 out of 10 on the CVSS scale (the standard index that measures how severe a flaw is). It is a server-side request forgery (SSRF), a technique that tricks the appliance itself into making requests to unintended destinations, and, unlike the second flaw, it requires no password to abuse.
The second, CVE-2026-15410, scores 7.2 and requires the attacker to be already authenticated with administrator privileges. In that scenario, it allows arbitrary commands to be run on the appliance's operating system, in effect taking it over.
Who is affected, and the fix
According to SonicWall's advisory (reference SNWLID-2026-0008), the flaws affect models 6210, 7210 and 8200v of the SMA 1000 series. The company stresses that SonicWall firewalls and the SMA 100 series are not affected. A fix is already available, in firmware versions (the device's internal software) 12.4.3-03453 and 12.5.0-02835, or higher, offered on the mysonicwall.com portal. Anyone running these appliances should update urgently and, given the active exploitation, look for signs of intrusion in the logs before assuming they are safe.
Pressure from regulators
The severity was recognised beyond the vendor. CISA, the United States government's cybersecurity agency, added both flaws to its catalogue of actively exploited vulnerabilities on 14 July 2026, and gave federal agencies until 17 July to fix them, a three-day window that signals the urgency. The discovery is credited to Adam Babis of SonicWall's security team, with a contribution from the research firm Volexity.
One piece of context helps to size the risk. These are enterprise appliances, not consumer devices, so the problem does not reach the ordinary citizen's phone or computer directly. But remote-access appliances have become a recurring target precisely because they sit at the edge of the network, and one flaw exploited on such a device can open the door to the whole organisation it was meant to protect. As long as there are companies yet to patch, the window of attack stays open.
Sources: SonicWall PSIRT, The Hacker News.
#StaySafe
🙏🖖