CVE-2026-15410

Summary

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

Affected Software

VendorProductVersion RangeStatus
SonicWallSMA100012.4.3-03245 <= 12.4.3-03434affected
SonicWallSMA100012.5.0-02283 <= 12.5.0-02800affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References