logo

SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

ID: 6adbc0b6-ed1d-5d6e-bd7d-ef6ea034b45f

STIX ID: report--6adbc0b6-ed1d-5d6e-bd7d-ef6ea034b45f

Feed Name: Bleeping Computer

Threat Score
90/100

Date Published: 2026-07-14

Date Updated: 2026-07-15

Author: Lawrence Abrams

...
...

SonicWall warns that threat actors are actively exploiting two zero-day vulnerabilities in SMA1000 appliances (CVE-2026-15409 SSRF — CVSS 10.0 and CVE-2026-15410 post-auth code injection), provides affected builds and hotfix versions, supplies IOCs administrators can use to detect compromise, and urges immediate installation of hotfixes or re-imaging of compromised appliances; CISA has added both flaws to its Known Exploited Vulnerabilities catalog and federal agencies must remediate by July 17, 2026.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.