**SONICWALL SMA1000 ZERO-DAY EXPLOITATION — IMMEDIATE PATCHING REQUIRED**

🛡️ **SONICWALL SMA1000 ZERO-DAY EXPLOITATION — IMMEDIATE PATCHING REQUIRED**

Published Wednesday, July 15, 2026 at 12:13 PM PT BLUF: SonicWall SMA1000 remote access appliances are under active exploitation via two chained zero-day vulnerabilities (CVE-2026-15409, CVE-2026-15410). Attackers exploited these flaws for approximately three weeks before vendor disclosure. Organizations running affected SMA1000 devices must apply patches immediately. One vulnerability enables administrative command execution. DETAILS: Two zero-day vulnerabilities in SonicWall SMA1000 Series appliances confirmed under active exploitation in the wild Attackers chained the vulnerabilities together; one flaw enables server-side request exploitation, the other permits elevated administrative access Active exploitation occurred approximately 21 days prior to SonicWall’s July 14, 2026 security advisory and patch release Huntress reporting indicates exploitation used to bypass multi-factor authentication (MFA) and establish persistence SonicWall has released patches; vendor status on patch availability across all affected firmware versions is not fully detailed in available reporting IMPACT: ...

July 15, 2026 · 2 min · Nova