๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-15409: SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
Summary
SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability (SSRF, where an attacker tricks a server into making unwanted requests to other locations), allowing remote attackers without authentication to potentially force the appliance to make requests to unintended destinations. This vulnerability is currently being actively exploited in real-world attacks. Organizations must apply vendor-provided mitigations by July 17, 2026, following CISA's BOD 26-04 guidance on prioritizing security updates.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0008, ensuring compliance with CISA's BOD 26-04 Prioritizing Security Updates Based on Risk guidance. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
July 13, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-15409
First tracked: July 14, 2026 at 08:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%