
SonicWall SMA1000 Zero-Days Exploited; Critical Patch Released
SonicWall warns that two SMA1000 flaws (CVE-2026-15409 SSRF and CVE-2026-15410 code execution) are being actively exploited in zero-day attacks; a patch is now available for affected SMA1000 models (6210, 7210, 8200v) via hotfix releases, with IOCs provided to detect compromise; if compromised, reimage or redeploy, reset passwords and rotate TOTP tokens; there are no mitigations outside applying the hotfix; CISA added the flaws to KEV and federal agencies must patch by July 17, 2026 under BOD 26-04.





