CVE-2026-0400 PUBLISHED

Assigner: sonicwall
Reserved: 02.12.2025 Published: 24.02.2026 Updated: 24.02.2026

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

Product Status

Vendor SonicWall
Product SonicOS
Versions Default: unknown
  • Version 7.0.1-5169 and older versions is affected
  • Version 7.3.1-7013 and older versions is affected
  • Version 8.1.0-8017 and older versions is affected

Credits

  • Vang3lis and Heuzoo of VARAS@IIE finder

References

Problem Types

  • CWE-134 Use of Externally-Controlled Format String CWE