ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME16:10:19 UTC
← All briefs
CRITICALCyber IntelligenceWednesday, July 15, 2026

SonicWall warns of active exploits against two SMA 1000 zero-days

One vulnerability carries a maximum severity score and could allow unauthenticated attackers to execute arbitrary commands on enterprise VPN appliances.

SonicWall has disclosed active exploitation of two zero-day vulnerabilities in its Secure Mobile Access 1000 series appliances, devices widely deployed for remote access to corporate networks.

The more severe flaw, CVE-2026-15409, carries a CVSS score of 10.0—the maximum rating—and involves a server-side request forgery vulnerability. According to SonicWall, a remote unauthenticated attacker could exploit the flaw to execute arbitrary commands on affected systems. The second vulnerability has not been detailed in the source material, but SonicWall confirmed both are under active exploitation in the wild.

The SMA 1000 series functions as a gateway for secure remote access, making it a high-value target for threat actors seeking persistent access to enterprise environments. Exploitation of CVE-2026-15409 would grant attackers administrative control without requiring credentials, enabling lateral movement, data exfiltration, or deployment of additional payloads.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
Implications
  • 01Organizations using SonicWall SMA 1000 face immediate risk of unauthenticated remote compromise.
  • 02Threat actors may leverage admin access for lateral movement and data theft.
  • 03Incident response teams should audit SMA 1000 logs for signs of prior exploitation.
  • 04Managed service providers supporting SMA 1000 clients must coordinate emergency patching.
Source
The Hacker News
https://thehackernews.com/2026/07/two-sonicwall-sma-1000-zero-days.html
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#sonicwall#zero-day#remote access#vpn#ssrf#cve-2026-15409
Related Briefs