CVSS: 4.9 • EPSS: 0% • CPEs: 67 • EXPL: 0 • CVE-2026-0206
https://notcve.org/view.php?id=CVE-2026-0206
29 Apr 2026 — A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004 • CWE-121: Stack-based Buffer Overflow
CVSS: 6.8 • EPSS: 0% • CPEs: 67 • EXPL: 0 • CVE-2026-0205
https://notcve.org/view.php?id=CVE-2026-0205
29 Apr 2026 — A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004 • CWE-35: Path Traversal: '.../
CVSS: 8.0 • EPSS: 0% • CPEs: 67 • EXPL: 0 • CVE-2026-0204
https://notcve.org/view.php?id=CVE-2026-0204
29 Apr 2026 — A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004 • CWE-306: Missing Authentication for Critical Function • CWE-1390: Weak Authentication
CVSS: 3.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-3470
https://notcve.org/view.php?id=CVE-2026-3470
31 Mar 2026 — A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption. A remote attacker authenticated as an admin user could exploit this issue by providing crafted input that corrupts the application database. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 • CWE-20: Improper Input Validation
CVSS: 2.7 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-3469
https://notcve.org/view.php?id=CVE-2026-3469
31 Mar 2026 — A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote attacker authenticated as an admin user to cause the application to become unresponsive. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 • CWE-20: Improper Input Validation
CVSS: 4.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-3468
https://notcve.org/view.php?id=CVE-2026-3468
31 Mar 2026 — A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote attacker authenticated as an admin user to potentially execute arbitrary JavaScript code. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-40602 – SonicWall SMA1000 Missing Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2025-40602
18 Dec 2025 — A local privilege escalation vulnerability exists due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devices. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 • CWE-250: Execution with Unnecessary Privileges • CWE-862: Missing Authorization
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-40605
https://notcve.org/view.php?id=CVE-2025-40605
20 Nov 2025 — A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and potentially access files and directories outside the intended restricted path. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 • CWE-23: Relative Path Traversal
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-40604
https://notcve.org/view.php?id=CVE-2025-40604
20 Nov 2025 — Download of Code Without Integrity Check vulnerability: the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0018 • CWE-494: Download of Code Without Integrity Check
CVSS: 6.1 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2025-40603
https://notcve.org/view.php?id=CVE-2025-40603
31 Oct 2025 — A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0017 • CWE-532: Insertion of Sensitive Information into Log File
