Zero Day MonitorZDM

← Back to list

6.8

CVE-2026-0205EXPLOITEDPATCHED

sonicwall · sonicos

CVE-2026-0205: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted ser

Description

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

Affected Products

Vendor	Product	Versions
sonicwall	sonicos	6.5.5.1-6n and older versions, 7.0.1-5169 and older versions, 7.3.1-7013 and older versions, 8.1.0-8017 and older versions, 6.5.5.2-28n and older versions, 7.3.2-7010 and older versions, 8.2.0-8009 and older versions

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
sonicwall	sonicos	cert_advisory	90%

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004(vendor-advisory)

Related News (4 articles)

Tier D

SecurityWeek5h ago

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

→ No new info (linked only)

Tier B

BSI Advisories10h ago

[NEU] [hoch] SonicWall SonicOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR19h ago

Multiples vulnérabilités dans les produits SonicWall (30 avril 2026)

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-0205 | SonicWall SonicOS path traversal (SNWLID-2026-0004)

→ No new info (linked only)

CVSS 3.16.8 CRITICAL

VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

CWECWE-35

PublishedApr 29, 2026

Last enriched6h agov3

Trending Score68

Source articles4

Independent4

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-0204EXP

CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be access

CRITICALCVE-2026-0206EXP

CVE-2026-0206: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewal

HIGHCVE-2026-4116

CVE-2026-4116: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user t

HIGHCVE-2026-4113EXP

CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to

NONECVE-2026-4114EXP

CVE-2026-4114: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 29, 2026

Discovered by ZDM

Apr 29, 2026

Actively Exploited

Apr 29, 2026

Exploit Available

Apr 29, 2026

Patch Available

Apr 29, 2026

Updated: severity, activelyExploited

Apr 29, 2026

Updated: affectedVersions, exploitAvailable

Apr 30, 2026

Version History

v3

Last enriched 6h ago

v3Tier B6h ago

Updated affected versions and marked exploit as available.

affectedVersionsexploitAvailable

via CERT-FR

v2Tier C1d ago

Updated severity to CRITICAL, marked exploit as unavailable, and noted that the vulnerability is actively exploited.

severityactivelyExploited

via VulDB

v11d ago

Initial creation