CVE-2026-4112 PUBLISHED

Assigner: sonicwall
Reserved: 13.03.2026 Published: 09.04.2026 Updated: 09.04.2026

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Product Status

Vendor	SonicWall
Product	SMA1000
Versions	Default: unknown Version 12.4.3-03245 (platform-hotfix) and earlier versions. is affected Version 12.5.0-02283 (platform-hotfix) and earlier versions. is affected

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

Problem Types

CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') CWE