Threats / SonicWall / CVE-2026-15409
CVE-2026-15409
· EUVD no mirror located
· GCVE no mirror located
Verified 2026-07-15
SonicWall SMA1000 Appliances vulnerability
SonicWall SMA1000 Appliances contain a server-side request forgery vulnerability that could allow a remote unauthenticated attacker to potentially cause the appliance to make requests to unintended location.
Verdict
Today item — known-exploited.
Confirmed exploited in the wild (CISA KEV). Prioritize remediation now and verify exposure.
CISA KEV Yes · 2026-07-143
01
Is it exploitable?
— the evidence, ranked above the scoreReported exploitation
3 independent public reports of in-the-wild exploitation are cataloged.Distinct reporting sources (vendor, incident response, government); open them for the underlying claims.
Exploited in the wild
Listed in the CISA Known Exploited Vulnerabilities catalog (added 2026-07-14).
Severity / affected
Affected: SonicWall, SMA1000 Appliances. Confirm exact fixed builds in the vendor advisory.
Weakness (CWE)
Mapped to CWE-918 Server-Side Request Forgery (SSRF).CWE assignment from the public NVD record; the weakness class drives how the flaw is exploited.
02
Who’s exploiting it?
— attribution turns risk into urgencyAttribution not established
No confirmed (advisory-backed) threat-actor attribution is established for this record. Absence of a named actor is not absence of compromise — see Coverage & confidence.
03
Why it matters
— the attack path, told twice: adversary, then boardAttacker/business narrative framing is pending triage for this record — see Coverage & confidence below. Facts and verdict above are derived deterministically from the public feed.
04
What to do
— defensible action- Remediate per the vendor advisory — confirm the fixed build for your version and verify exposure.1
Say it to the boardA vulnerability with this evidence profile is a defensible budget line, not a backlog ticket — fund the change against the proof above.
05
Coverage & confidence
— what we know, and what we don’tEstablished (cited)
Coverage gaps — stated, not hidden
Disclosure & credit2
Catalogued by sonicwallCNA
Credited with finding itAdam Babis of SonicWall PSIRTfinder