CVE-2026-4116
- EPSS 0.22%
- Veröffentlicht 09.04.2026 14:27:29
- Zuletzt bearbeitet 14.05.2026 19:33:35
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVE-2026-4114
- EPSS 0.04%
- Veröffentlicht 09.04.2026 14:25:41
- Zuletzt bearbeitet 14.05.2026 19:37:22
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
CVE-2026-4113
- EPSS 0.1%
- Veröffentlicht 09.04.2026 14:23:53
- Zuletzt bearbeitet 14.05.2026 19:37:45
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
CVE-2026-4112
- EPSS 0.03%
- Veröffentlicht 09.04.2026 14:22:21
- Zuletzt bearbeitet 14.05.2026 19:43:40
Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...
CVE-2025-40602
- EPSS 0.15%
- Veröffentlicht 18.12.2025 10:58:41
- Zuletzt bearbeitet 19.12.2025 13:57:43
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC).
CVE-2025-23006
- EPSS 51.89%
- Veröffentlicht 23.01.2025 12:15:28
- Zuletzt bearbeitet 31.10.2025 15:56:18
Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthentica...