SonicWall SMA 1000 Zero-Days Actively Exploited in Attacks
SonicWall has released urgent security patches for two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA 1000 series appliances. Threat actors are chaining the flaws—a server-side request forgery (SSRF) and a code injection bug—to achieve unauthenticated remote code execution with root privileges. Rapid7 reported observing exploitation in the wild since late June 2026, weeks before patches were available. CISA has added both vulnerabilities to its KEV catalog, mandating immediate action for federal agencies.