**BREAKING: SonicWall SMA 1000 Zero-Days Under Active Exploitation — Immediate Patching Required**

🛡️ **BREAKING: SonicWall SMA 1000 Zero-Days Under Active Exploitation — Immediate Patching Required**

Published Wednesday, July 15, 2026 at 12:11 AM PT BLUF: Two zero-day vulnerabilities in SonicWall SMA 1000 appliances are being actively exploited in the wild. One vulnerability (CVE-2026-15409) enables unauthenticated administrative command execution. Organizations running SMA 1000 devices must apply patches immediately and assume compromise if exploitation occurred. DETAILS: Two confirmed zero-days: CVE-2026-15409 and CVE-2026-15410 affecting SonicWall SMA 1000 appliances; both are under active exploitation Critical severity: CVE-2026-15409 allows unauthenticated attackers to execute administrative commands, potentially granting full device control Active attacks confirmed: Multiple security firms report exploitation in the wild; MFA bypass and credential theft reported in related SonicWall VPN exploitation campaigns SonicWall response: Vendor has issued urgent patch guidance; patches are available but deployment status across customer base is unknown Scope uncertainty: Exact number of affected organizations and confirmed compromises not yet disclosed; SMA 1000 is widely deployed in enterprise remote access infrastructure IMPACT: ...

July 15, 2026 · 2 min · Nova