SYS::ONLINE
Wasteland.
Briefs1204
Issues19
SinceFeb 2026
LIVE
⚡ Active KEV CVE-2026-15409 2026-07-14

CVE-2026-15409: Critical Unauthenticated SSRF in SonicWall SMA1000 Appliances

"A remote, unauthenticated server-side request forgery (SSRF) flaw in the SonicWall SMA1000 Work Place interface carries a maximum CVSS score of 10.0 and is confirmed by CISA as actively exploited."

A remote, unauthenticated server-side request forgery (SSRF) flaw in the SonicWall SMA1000 Work Place interface carries a maximum CVSS score of 10.0 and is confirmed by CISA as actively exploited.

What Is It

CVE-2026-15409 is a server-side request forgery (SSRF) vulnerability (CWE-918) in the SonicWall SMA1000 Appliance Work Place interface. A remote, unauthenticated attacker could potentially cause the appliance to make requests to an unintended location. It carries a CVSS 3.1 base score of 10.0 (CRITICAL), with vector AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, network-reachable, low complexity, no privileges or user interaction required, a changed scope, and high impact to confidentiality, integrity, and availability.

Why It Matters

CISA added this CVE to its Known Exploited Vulnerabilities (KEV) catalog on 2026-07-14, confirming active exploitation in the wild. CISA's SSVC assessment rates exploitation as "active," automatable as "yes," and technical impact as "total." The combination of no authentication, network attack vector, and a perfect 10.0 score means an internet-exposed appliance can be attacked directly by any remote party. Known ransomware campaign use is currently listed as Unknown.

What's Vulnerable

The affected product is SonicWall SMA1000 (Linux platform). Per the NVD record, the following version ranges are affected:

Patch Status

CISA's required action is to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA's BOD 26-04 "Prioritizing Security Updates Based on Risk" guidance and CISA's "Forensics Triage Requirements." Organizations should follow applicable BOD 26-04 guidance for cloud services, or discontinue use of the product if mitigations are unavailable, and evaluate each asset's internet exposure. The remediation due date is 2026-07-17. Refer to SonicWall PSIRT advisory SNWLID-2026-0008 for vendor instructions.

Sources