SonicWall warns of active exploits against two SMA 1000 zero-days
One vulnerability carries a maximum severity score and could allow unauthenticated attackers to execute arbitrary commands on enterprise VPN appliances.
SonicWall has disclosed active exploitation of two zero-day vulnerabilities in its Secure Mobile Access 1000 series appliances, devices widely deployed for remote access to corporate networks.
The more severe flaw, CVE-2026-15409, carries a CVSS score of 10.0—the maximum rating—and involves a server-side request forgery vulnerability. According to SonicWall, a remote unauthenticated attacker could exploit the flaw to execute arbitrary commands on affected systems. The second vulnerability has not been detailed in the source material, but SonicWall confirmed both are under active exploitation in the wild.
The SMA 1000 series functions as a gateway for secure remote access, making it a high-value target for threat actors seeking persistent access to enterprise environments. Exploitation of CVE-2026-15409 would grant attackers administrative control without requiring credentials, enabling lateral movement, data exfiltration, or deployment of additional payloads.
- 01Organizations using SonicWall SMA 1000 face immediate risk of unauthenticated remote compromise.
- 02Threat actors may leverage admin access for lateral movement and data theft.
- 03Incident response teams should audit SMA 1000 logs for signs of prior exploitation.
- 04Managed service providers supporting SMA 1000 clients must coordinate emergency patching.
Windows zero-day grants admin access on patched systems
Researcher releases LegacyHive exploit enabling privilege escalation on current Windows versions, no patch available.
Ransomware attack halts Coca-Cola's Fairlife dairy production nationwide
Coca-Cola disclosed that a cyberattack on its Fairlife subsidiary has suspended all US production of the premium dairy brand.
Security firm automates zero-day discovery using AI code analysis
Intruder's vulnerability vending machine combines code slicing with large language models to find exploitable flaws without human analysts.