Multiple Vulnerabilities in SonicWall SMA1000 Series
13 April 2026
SonicWall has released security updates to address multiple vulnerabilities in the SMA1000 series appliances. Users and administrators of affected products are advised to update to the latest version immediately.
Background
SonicWall has released security updates to address multiple vulnerabilities (CVE-2026-4112, CVE-2026-4113, CVE-2026-4114, and CVE-2026-4116) affecting the SonicWall SMA1000 series appliances.
Impact
Successful exploitation of these vulnerabilities could lead to the following:
CVE-2026-4112: Allowing a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.
CVE-2026-4113: Allowing an unauthenticated remote attacker to enumerate SSL VPN user credentials.
CVE-2026-4114: Allowing a remote authenticated SSL VPN administrator to bypass AMC time-based one-time password (TOTP) authentication.
CVE-2026-4116: Allowing a remote authenticated SSL VPN user to bypass Workplace or Connect Tunnel TOTP authentication.
Affected Products
These vulnerabilities affect the following SonicWall SMA1000 series appliances:
SonicWall SMA1000 versions prior to 12.4.3-03245 (platform-hotfix)
SonicWall SMA1000 versions prior to 12.5.0-02283 (platform-hotfix)
Mitigation
Users and administrators of affected products are advised to update to the latest version immediately.
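To decide which appliances still need the update, the version thresholds listed under Affected Products can be applied to an inventory of appliance versions. The following is an added example, not code from SonicWall or from this advisory; the hostnames and sample versions are constructed, and it assumes that version strings have the form major.minor.patch-build and that releases below 12.5.0 are compared against the 12.4.3 hotfix build.

```python
import re

# Fixed builds as listed under "Affected Products" in this advisory.
FIXED_12_4 = (12, 4, 3, 3245)
FIXED_12_5 = (12, 5, 0, 2283)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Parse 'major.minor.patch-build' into a tuple of ints."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def needs_update(version_text):
    """Return True if the version is older than the fixed build it is measured against.

    Assumption: releases below 12.5.0 are measured against the 12.4.3 hotfix,
    and 12.5.0 or later against the 12.5.0 hotfix.
    """
    version = parse_version(version_text)
    fixed = FIXED_12_4 if version[:3] < FIXED_12_5[:3] else FIXED_12_5
    return version < fixed


def triage(inventory):
    """Map hostnames to 'UPDATE', 'OK', or 'UNKNOWN' (unparseable version)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "UPDATE" if needs_update(version_text) else "OK"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = {
    "sma-a.example.internal": "12.4.3-03100",
    "sma-b.example.internal": "12.4.3-03245",
    "sma-c.example.internal": "12.5.0-02002",
    "sma-d.example.internal": "12.5.0-02283",
    "sma-e.example.internal": "unknown",
}
```

Appliances reported as UNKNOWN should be checked by hand rather than assumed to be patched.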
References
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003
https://nvd.nist.gov/vuln/detail/CVE-2026-4112
https://nvd.nist.gov/vuln/detail/CVE-2026-4113
