
PEACH
Un cadre d’isolation des locataires
CVE-2026-15409 is a Server-Side Request Forgery (SSRF) vulnerability in the SonicWall SMA1000 Appliance Work Place interface that allows a remote unauthenticated attacker to cause the appliance to make requests to unintended internal or external locations. It affects SMA1000 firmware versions 12.4.3-03245 through 12.4.3-03434 and 12.5.0-02283 through 12.5.0-02800. The vulnerability was published on July 14, 2026, and was immediately added to the CISA Known Exploited Vulnerabilities (KEV) catalog with a remediation due date of July 17, 2026. It carries a CVSS v3.1 base score of 10.0 (Critical) (Feedly, CISA KEV, SonicWall PSIRT).
The vulnerability is classified as CWE-918 (Server-Side Request Forgery) and resides in the Work Place web interface of the SMA1000 appliance. An unauthenticated remote attacker can send crafted HTTP requests to the exposed interface, causing the appliance to issue server-side requests to arbitrary internal or external destinations — effectively using the appliance as a proxy to reach otherwise inaccessible network segments. No authentication or user interaction is required, and the attack complexity is low, making it trivially automatable. The vulnerability maps to CAPEC-664 (Server Side Request Forgery) (Feedly, CISA KEV).
Successful exploitation allows an unauthenticated attacker to force the SMA1000 appliance to make requests to internal services, cloud metadata endpoints, or other network resources that would otherwise be inaccessible from the internet, enabling information disclosure, credential harvesting, and lateral movement within the enterprise network. The CVSS scope is marked as "Changed," reflecting that the impact extends beyond the vulnerable component itself to affect other systems reachable by the appliance. Given that SMA1000 appliances are typically deployed as enterprise VPN/remote access gateways with broad internal network access, exploitation could expose sensitive internal infrastructure to attacker-controlled pivoting (Feedly, CISA KEV).
http://169.254.169.254/, or internal management interface).169.254.169.254), or unexpected external hosts; anomalous traffic patterns from the appliance to internal management interfaces or databases.SonicWall has issued a security advisory (SNWLID-2026-0008) and organizations should apply the vendor-provided patches immediately per the advisory at the SonicWall PSIRT portal. CISA mandates that federal agencies apply mitigations by July 17, 2026, per BOD 26-04 (CISA KEV). As interim workarounds, organizations should implement network segmentation to restrict the SMA1000 appliance's outbound connectivity, apply egress filtering to block unauthorized outbound requests, and consider disabling or restricting access to the Work Place interface if it is not required. Monitor outbound traffic from the appliance for anomalous patterns and review SonicWall's advisory for specific patched firmware versions (SonicWall PSIRT, Feedly).
SonicWall issued an urgent advisory warning customers of active zero-day exploitation of CVE-2026-15409 alongside a companion vulnerability CVE-2026-15410, urging immediate patching (SonicWall PSIRT). BleepingComputer, The Hacker News, SecurityWeek, and Security Affairs all covered the disclosure prominently, highlighting the zero-day nature and CISA's rapid KEV addition (BleepingComputer, The Hacker News). National CERTs including Canada's CCCS, Singapore's CSA, and Hong Kong's HKCERT issued independent advisories urging organizations to patch immediately (CCCS, CSA Singapore). Community discussion on Reddit's r/sonicwall and r/cybersecurity reflected significant concern, with administrators seeking urgent guidance on affected firmware versions and patch availability.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."