CVE-2026-15409

Confirmed PUBLISHED

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated...

SonicWall · SMA1000

1 hour faster than CISA KEV

Exploited in the wild Active exploitation observed PoC available Virtual patch available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
13
Unique Attacker IPs
5
CISA KEV
In CISA KEV
Virtual Patch
Yes 3 targets
CVSS / EPSS
10.0 Critical EPSS 1.3%

At a Glance

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

edge cisa
CVE Published
Jul 14, 2026
Exploitation Reported
Jul 14, 2026
CVSS
10.0 Critical
EPSS
1.3%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
SonicWall
SMA1000

12.4.3-03245 to <= 12.4.3-03434

Affected
SonicWall
SMA1000

12.5.0-02283 to <= 12.5.0-02800

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.