What is CVE-2026-15409?
A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location.
Timeline
- 2026-07-14Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-14Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-15First covered in a defend.network daily briefing
- 2026-07-17CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
Affected product
SonicWall SMA1000 Appliances
Remediation Steps
- Apply SonicWall security updates immediately
- Monitor for signs of unauthorized access to SMA1000 appliances
- Restrict management interface access to trusted networks only
- Review access logs for suspicious authentication activity
References
Referenced in our briefings & reports
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.