CVE-2026-4116 PUBLISHED

Assigner: sonicwall
Reserved: 13.03.2026 Published: 09.04.2026 Updated: 09.04.2026

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

Product Status

Vendor	SonicWall
Product	SMA1000
Versions	Default: unknown Version 12.4.3-03245 (platform-hotfix) and earlier versions. is affected Version 12.5.0-02283 (platform-hotfix) and earlier versions. is affected

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

Problem Types

CWE-176 Improper handling of unicode encoding CWE