CVE-2026-3468 PUBLISHED

Assigner: sonicwall
Reserved: 03.03.2026 Published: 31.03.2026 Updated: 31.03.2026

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

Product Status

Vendor	SonicWall
Product	Email Security
Versions	Default: unknown Version 10.0.34.8215 and earlier versions is affected Version 10.0.34.8223 and earlier versions is affected

Credits

Brian Mariani of DigitalCanion SA - www.digitalcanion.com finder

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE