CVE-2026-0204

Medienbericht

EPSS 0.01%
Veröffentlicht 29.04.2026 16:15:32
Zuletzt bearbeitet 05.05.2026 16:11:20
Quelle PSIRT@sonicwall.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sonicwall ≫ Sonicos Version < 6.5.5.2-28n

   Sonicwall ≫ Nsa 2650 Version-
   Sonicwall ≫ Nsa 3600 Version-
   Sonicwall ≫ Nsa 3650 Version-
   Sonicwall ≫ Nsa 4600 Version-
   Sonicwall ≫ Nsa 4650 Version-
   Sonicwall ≫ Nsa 5600 Version-
   Sonicwall ≫ Nsa 5650 Version-
   Sonicwall ≫ Nsa 6600 Version-
   Sonicwall ≫ Nsa 6650 Version-
   Sonicwall ≫ Sm 9200 Version-
   Sonicwall ≫ Sm 9250 Version-
   Sonicwall ≫ Sm 9400 Version-
   Sonicwall ≫ Sm 9450 Version-
   Sonicwall ≫ Sm 9600 Version-
   Sonicwall ≫ Sm 9650 Version-
   Sonicwall ≫ Soho 250 Version-
   Sonicwall ≫ Soho 250w Version-
   Sonicwall ≫ Sohow Version-
   Sonicwall ≫ Tz 300 Version-
   Sonicwall ≫ Tz 300p Version-
   Sonicwall ≫ Tz 300w Version-
   Sonicwall ≫ Tz 350 Version-
   Sonicwall ≫ Tz 350w Version-
   Sonicwall ≫ Tz 400 Version-
   Sonicwall ≫ Tz 400w Version-
   Sonicwall ≫ Tz 500 Version-
   Sonicwall ≫ Tz 500w Version-
   Sonicwall ≫ Tz 600 Version-
   Sonicwall ≫ Tz 600p Version-

Sonicwall ≫ Sonicos Version >= 7.0.0.0 <= 7.0.1-5169

   Sonicwall ≫ Nsa 2700 Version-
   Sonicwall ≫ Nsa 3700 Version-
   Sonicwall ≫ Nsa 4700 Version-
   Sonicwall ≫ Nsa 5700 Version-
   Sonicwall ≫ Nsa 6700 Version-
   Sonicwall ≫ Nssp 10700 Version-
   Sonicwall ≫ Nssp 11700 Version-
   Sonicwall ≫ Nssp 13700 Version-
   Sonicwall ≫ Nssp 15700 Version-
   Sonicwall ≫ Nsv 270 Version-
   Sonicwall ≫ Nsv 470 Version-
   Sonicwall ≫ Nsv 870 Version-
   Sonicwall ≫ Tz270 Version-
   Sonicwall ≫ Tz270w Version-
   Sonicwall ≫ Tz370 Version-
   Sonicwall ≫ Tz370w Version-
   Sonicwall ≫ Tz470 Version-
   Sonicwall ≫ Tz470w Version-
   Sonicwall ≫ Tz570 Version-
   Sonicwall ≫ Tz570p Version-
   Sonicwall ≫ Tz570w Version-
   Sonicwall ≫ Tz670 Version-

Sonicwall ≫ Sonicos Version >= 7.1.1-7040 < 7.3.2-7010

Sonicwall ≫ Sonicos Version >= 8.0.0-8035 < 8.2.0-8009

   Sonicwall ≫ Nsa 2800 Version-
   Sonicwall ≫ Nsa 3800 Version-
   Sonicwall ≫ Nsa 4800 Version-
   Sonicwall ≫ Nsa 5800 Version-
   Sonicwall ≫ Tz280 Version-
   Sonicwall ≫ Tz280w Version-
   Sonicwall ≫ Tz380 Version-
   Sonicwall ≫ Tz380w Version-
   Sonicwall ≫ Tz480 Version-
   Sonicwall ≫ Tz580 Version-
   Sonicwall ≫ Tz680 Version-
   Sonicwall ≫ Tz80 Version-

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-1390 Weak Authentication

The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://thehackernews.com/2026/05/weekly-recap-ai-powered-phishing.html

Media Report

https://www.heise.de/news/SonicWall-SonicOS-Sicherheitsluecke-erlaubt-Management-Interface-Zugriff-11277522.html

Media Report

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-0204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-0204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-0204

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-0204