On July 14, 2026, SonicWall disclosed two vulnerabilities in SonicWall SMA1000 appliances. Models 6210, 7210, and 8200v are affected.
CVE-2026-15409 is a critical (CVSS score of 10.0) unauthenticated server-side request forgery (SSRF) flaw that allows an attacker to force the appliance to make requests to unintended destinations. CVE-2026-15410 is a high-severity (CVSS score of 7.2) command injection vulnerability in the Appliance Management Console that can enable arbitrary operating system command execution by an administrator-level user.
SonicWall confirmed exploitation of the vulnerabilities in the wild. The U.S. Cybersecurity and Infrastructure Security Agency's (CISA) added both to its Known Exploited Vulnerabilities (KEV) catalog.
Recommended actions
Counter Threat Unit™ (CTU) researchers recommend that organizations identify vulnerable SonicWall appliances in their environments and upgrade as appropriate as soon as possible. The SonicWall advisory lists additional guidance for identifying and mitigating a potential compromise.
Sophos protections
SophosLabs continues to monitor the threat landscape for activity related to these vulnerabilities and will deliver detections and protections as available.

