SonicWall has issued an urgent security warning after confirming that two previously unknown zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances are being actively exploited by attackers. The company said it investigated multiple real-world incidents that confirmed the flaws are already being used in attacks. Organizations using these devices have been advised to install the latest security updates without delay.

The two vulnerabilities have been assigned CVE-2026-15409 and CVE-2026-15410. According to SonicWall, one of the flaws is a server-side request forgery (SSRF) vulnerability, while the second is a code injection vulnerability. When combined, the vulnerabilities can allow attackers to execute arbitrary operating system commands, making them highly dangerous for affected organizations.
The company explained that the flaws affect only SMA 1000 series appliances that provide secure remote access for enterprise users. SonicWall also clarified that its Firewall products and SMA 100 series devices are not impacted by these vulnerabilities. This helps narrow down which customers need to take immediate action.

SonicWall’s Product Security Incident Response Team (PSIRT) said it discovered evidence showing the vulnerabilities were being actively exploited in the wild. The issues were internally identified and responsibly reported by security researcher Adam Babis through the company’s PSIRT program. After confirming the attacks, SonicWall quickly released security fixes for affected customers.
To reduce the risk of compromise, SonicWall has released updated firmware that fixes both vulnerabilities. The company strongly recommends that customers upgrade to the latest hotfix version as soon as possible. Delaying the update could leave vulnerable appliances exposed to attackers attempting to gain unauthorized access or execute malicious commands.

Apart from installing the latest updates, organizations should also check their appliances for signs of possible compromise. Security teams are encouraged to review system logs, monitor for suspicious activity, and follow SonicWall’s recommended security practices. Taking these additional steps can help identify whether an attack occurred before the patches were installed.
Secure remote access appliances have become attractive targets because they often sit at the edge of enterprise networks and provide access to critical internal resources. If attackers successfully exploit vulnerabilities in these devices, they may gain a foothold inside an organization’s network, increasing the risk of further attacks or data theft.

The active exploitation of these two zero-day vulnerabilities highlights the importance of timely patch management and continuous monitoring. Organizations using SonicWall SMA 1000 appliances should treat this advisory as a high priority, apply the available security updates immediately, and investigate their systems for any evidence of unauthorized activity to reduce the risk of compromise.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news