What is CVE-2026-15410?
Post-authentication improper control of generation of code ('Code Injection') vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands.
Timeline
- 2026-07-14Published to the U.S. National Vulnerability Database (NVD)
- 2026-07-14Added to the CISA Known Exploited Vulnerabilities (KEV) catalog
- 2026-07-15First covered in a defend.network daily briefing
- 2026-07-17CISA federal remediation deadline (BOD 22-01)
CISA Known Exploited Vulnerability
SonicWall SMA1000 Appliances Code Injection Vulnerability
Affected product
SonicWall SMA1000 Appliances
Remediation Steps
- Install the latest SonicWall SMA1000 security patch
- Verify patch deployment across all SMA1000 instances
- Conduct security assessment of affected systems for indicators of compromise
- Implement network segmentation to isolate appliances from untrusted networks
References
Referenced in our briefings & reports
Browse all tracked CVEs in the defend.network CVE database →
🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.