CVE-2026-15410 PUBLISHED

Assigner: sonicwall
Reserved: 10.07.2026 Published: 14.07.2026 Updated: 15.07.2026

Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.

Product Status

Vendor SonicWall
Product SMA1000
Versions Default: unknown
  • affected from 12.4.3-03245 to 12.4.3-03434 (incl.)
  • affected from 12.5.0-02283 to 12.5.0-02800 (incl.)

Credits

  • Adam Babis of SonicWall PSIRT finder

References

Problem Types

  • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE