SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
Overview
SonicWall has identified two vulnerabilities in its Secure Mobile Access (SMA) 1000 Series appliances, known as CVE-2026-15409 and CVE-2026-15410, which are currently being exploited by attackers. The company is urging its customers to upgrade to a fixed firmware version immediately and to check for signs of compromise on their systems. If any indicators of compromise are found, SonicWall recommends that organizations re-image their hardware or redeploy their virtual appliances, change all user and administrator passwords, and reset any Time-based One-Time Password (TOTP) tokens. This situation raises concerns for organizations relying on these appliances for secure remote access, as attackers could exploit these vulnerabilities to gain unauthorized access to sensitive information. Swift action is essential to mitigate potential risks.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: SonicWall Secure Mobile Access (SMA) 1000 Series appliances
- Action Required: Upgrade to the fixed firmware version provided by SonicWall.
- Timeline: Newly disclosed
Original Article Summary
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, the company advises re-imaging (hardware) or re-deploying (virtual) appliances, changing user and administrator passwords, and resetting TOTP tokens. The vulnerabilities SonicWall SMA 1000 series appliances are secure … More → The post SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) appeared first on Help Net Security.
Impact
SonicWall Secure Mobile Access (SMA) 1000 Series appliances
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Upgrade to the fixed firmware version provided by SonicWall. If indicators of compromise are detected, re-image hardware or redeploy virtual appliances, change user and administrator passwords, and reset TOTP tokens.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Zero-day, Exploit, and 1 more.