# SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now

_Tuesday, July 14, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now — Primary](https://www.bleepstatic.com/content/hl-images/2022/01/24/Sonicwall.jpg)

SonicWall warned on July 14 that threat actors are actively exploiting two zero-day vulnerabilities in its SMA1000 appliances and urged customers to install newly released security updates immediately. The company said its Product Security Incident Response Team investigated multiple incidents confirming active exploitation of the flaws, tracked as CVE-2026-15409 and CVE-2026-15410. CVE-2026-15409 is a critical server-side request forgery vulnerability in the SMA1000 Appliance Work Place interface with a CVSS score of 10.0 that allows remote unauthenticated attackers to force appliances to make requests to unintended locations. CVE-2026-15410 is a high-severity post-authentication code injection flaw in the SMA1000 Appliance Management Console with a CVSS score of 7.2 that could allow a remote authenticated administrator to execute arbitrary operating system commands. SonicWall assigned the overall advisory a CVSS score of 10.0. The vulnerabilities affect SMA1000 models 6210, 7210, and 8200v running specific platform-hotfix releases. Fixes are available in platform-hotfix versions 12.4.3-03453 and 12.5.0-02835 and later releases. The company said there are no workarounds other than installing the hotfixes. The U.S. Cybersecurity and Infrastructure Security Agency added both vulnerabilities to its Known Exploited Vulnerabilities catalog. Federal agencies have until July 17 to secure affected systems under Binding Operational Directive 26-04.

## Sources

- [Bleeping Computer](https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-flaws-exploited-in-zero-day-attacks-patch-now/)

---
Canonical: https://techandbusiness.org/newswire/Re13ifrGl4Nvybv6crbluE
Retrieved: 2026-07-15T04:13:06.074Z
Publisher: Tech & Business (techandbusiness.org)
