Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.

Description

Affected Products

Vendor	Product	Versions
sonicwall	sonicos	< 7.3.2-7010, < 8.2.0-8009

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0001(Vendor Advisory)

CVSS 3.14.9 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

7.3.2-70108.2.0-8009

CWECWE-121

PublishedFeb 24, 2026

Last enriched5d ago

Trending Score0

Source articles0

Independent0

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

MEDIUMCVE-2026-3468

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowi

Trending: 17

LOWCVE-2026-3469

A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applicati

Trending: 16

LOWCVE-2026-3470

A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a remote authenticated attacker as admin user could explo

Trending: 16

MEDIUMCVE-2026-0402

A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.

MEDIUMCVE-2026-0400

A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Feb 24, 2026

Patch Available

Feb 26, 2026

Discovered by ZDM

Apr 1, 2026