CVE-2026-15409

Summary

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA100012.4.3-03245 <= 12.4.3-03434affected
SonicWallSMA100012.5.0-02283 <= 12.5.0-02800affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References