CVE-2026-15409 PUBLISHED

Assigner: sonicwall
Reserved: 10.07.2026 Published: 14.07.2026 Updated: 15.07.2026

A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.

Product Status

Vendor SonicWall
Product SMA1000
Versions Default: unknown
  • affected from 12.4.3-03245 to 12.4.3-03434 (incl.)
  • affected from 12.5.0-02283 to 12.5.0-02800 (incl.)

Credits

  • Adam Babis of SonicWall PSIRT finder

References

Problem Types

  • CWE-918: Server-Side Request Forgery (SSRF) CWE