CVE-2026-15409

Published Jul 14, 2026

Last updated 2 hours ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-15409 is a critical server-side request forgery (SSRF) vulnerability impacting SonicWall SMA 1000 Series appliances. This flaw resides within the SMA1000 Appliance WorkPlace interface. Exploitation of CVE-2026-15409 can allow remote, unauthenticated attackers to compel the appliance to initiate requests to unintended network locations. This vulnerability has been observed in active exploitation, frequently in conjunction with CVE-2026-15410. SonicWall has released firmware patches to address this issue and advises customers to upgrade their appliances and investigate for potential compromise.

Description
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.
Source
PSIRT@sonicwall.com
NVD status
Received

Weaknesses

PSIRT@sonicwall.com
CWE-918

Social media

Hype score
Not currently trending
  1. SonicWall warns that two SMA1000 vulnerabilities (CVE-2026-15409 and CVE-2026-15410) are being used in zero-day attacks. Act now: install the latest security updates to protect your network. https://t.co/xLk14CE0GN

    @trubetech

    14 Jul 2026

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) https://t.co/feLgfWplNj

    @TheCyberSecHub

    14 Jul 2026

    782 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) https://t.co/xQpU3GYHd0

    @lgomezperu

    14 Jul 2026

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #SonicWall SMA appliances targeted in zero-day attacks (#CVE-2026-15409, CVE-2026-15410) https://t.co/n7FywzAmvH https://t.co/aylTCjJWDu

    @evanderburg

    14 Jul 2026

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410): SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is… https://t.co/duxrViYJjx h

    @shah_sheikh

    14 Jul 2026

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) - https://t.co/D2wjIDzVuq - @SonicWall #CVE #CyberSecurity #CyberSecurityNews

    @helpnetsecurity

    14 Jul 2026

    402 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.