SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
ID: 6adbc0b6-ed1d-5d6e-bd7d-ef6ea034b45f
STIX ID: report--6adbc0b6-ed1d-5d6e-bd7d-ef6ea034b45f
Feed Name: Bleeping Computer
SonicWall warns that threat actors are actively exploiting two zero-day vulnerabilities in SMA1000 appliances (CVE-2026-15409 SSRF — CVSS 10.0 and CVE-2026-15410 post-auth code injection), provides affected builds and hotfix versions, supplies IOCs administrators can use to detect compromise, and urges immediate installation of hotfixes or re-imaging of compromised appliances; CISA has added both flaws to its Known Exploited Vulnerabilities catalog and federal agencies must remediate by July 17, 2026.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
