Zero Day MonitorZDM

← Back to list

8.0

CVE-2026-0204EXPLOITEDPATCHED

sonicwall · sonicos

CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be access

Description

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Affected Products

Vendor	Product	Versions
sonicwall	sonicos	6.5.5.1-6n and older versions, 7.0.1-5169 and older versions, 7.3.1-7013 and older versions, 8.1.0-8017 and older versions, 6.5.5.2-28n and older versions, 7.3.2-7010 and older versions, 8.2.0-8009 and older versions

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
sonicwall	sonicos	cert_advisory	90%

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004(vendor-advisory)

Related News (5 articles)

Tier D

SecurityWeek3h ago

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

→ No new info (linked only)

Tier B

BSI Advisories8h ago

[NEU] [hoch] SonicWall SonicOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier D

Heise Security12h ago

SonicWall SonicOS: Sicherheitslücke erlaubt Management-Interface-Zugriff

→ No new info (linked only)

Tier B

CERT-FR18h ago

Multiples vulnérabilités dans les produits SonicWall (30 avril 2026)

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-0204 | SonicWall SonicOS Management Interface weak authentication (SNWLID-2026-0004)

→ No new info (linked only)

CVSS 3.18.0 CRITICAL

VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

CWECWE-1390, CWE-306

PublishedApr 29, 2026

Last enriched4h agov3

Trending Score76

Source articles5

Independent5

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-0206EXP

CVE-2026-0206: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewal

CRITICALCVE-2026-0205EXP

CVE-2026-0205: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted ser

HIGHCVE-2026-4116

CVE-2026-4116: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user t

HIGHCVE-2026-4113EXP

CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to

NONECVE-2026-4114EXP

CVE-2026-4114: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 29, 2026

Discovered by ZDM

Apr 29, 2026

Updated: description

Apr 29, 2026

Actively Exploited

Apr 30, 2026

Exploit Available

Apr 30, 2026

Patch Available

Apr 30, 2026

Updated: affectedVersions, severity, exploitAvailable, activelyExploited

Apr 30, 2026

Version History

v3

Last enriched 4h ago

v3Tier B4h ago

Updated affected versions, changed severity to CRITICAL, and marked the vulnerability as actively exploited with an exploit available.

affectedVersionsseverityexploitAvailableactivelyExploited

via CERT-FR

v2Tier C1d ago

Updated description with more technical detail and corrected exploit availability to false.

description

via VulDB

v11d ago

Initial creation