wid-sec-w-2026-1012 · Published 2026-04-08 · View on BSI CERT-Bund ↗

SonicWall SMA1000 : Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

CVEs (4)

CVE-2026-4112 CVE-2026-4113 CVE-2026-4114 CVE-2026-4116

Affected Vendors

SonicWall

Affected Products (4)

SonicWall · SMA SMA1000 <12.4.3-03387

SonicWall · SMA SMA1000 12.4.3-03387

SonicWall · SMA SMA1000 <12.5.0-02624

SonicWall · SMA SMA1000 12.5.0-02624

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more