Zero Day MonitorZDM

← Back to list

4.9

CVE-2026-0206EXPLOITEDPATCHED

sonicwall · sonicos

CVE-2026-0206: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewal

Description

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

Affected Products

Vendor	Product	Versions
sonicwall	sonicos	6.5.5.1-6n and older versions, 7.0.1-5169 and older versions, 7.3.1-7013 and older versions, 8.1.0-8017 and older versions, <= 6.5.5.1-6n, <= 7.0.1-5169, <= 7.3.1-7013, <= 8.1.0-8017, versions antérieures à 6.5.5.2-28n, versions antérieures à 7.3.2-7010, versions antérieures à 8.2.0-8009, 6.5.5.2-28n, 7.3.2-7010, 8.2.0-8009

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
sonicwall	sonicos	cert_advisory	90%

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004(vendor-advisory)

Related News (5 articles)

Tier D

SecurityWeek2h ago

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

→ No new info (linked only)

Tier B

BSI Advisories7h ago

[NEU] [hoch] SonicWall SonicOS: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR17h ago

Multiples vulnérabilités dans les produits SonicWall (30 avril 2026)

→ No new info (linked only)

Tier B

CCCS Canada23h ago

SonicWall security advisory (AV26-405)

→ No new info (linked only)

Tier C

VulDB1d ago

CVE-2026-0206 | SonicWall SonicOS stack-based overflow (SNWLID-2026-0004)

→ No new info (linked only)

CVSS 3.14.9 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

CWECWE-121

PublishedApr 29, 2026

Last enriched1h agov4

Tags

multiple vulnerabilitiesfirmwarefirewalldenial of servicesecurity bypass

Trending Score72

Source articles5

Independent5

Info Completeness10/14

Missing: epss, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-0204EXP

CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be access

CRITICALCVE-2026-0205EXP

CVE-2026-0205: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted ser

HIGHCVE-2026-4116

CVE-2026-4116: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user t

HIGHCVE-2026-4113EXP

CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to

NONECVE-2026-4114EXP

CVE-2026-4114: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 29, 2026

Discovered by ZDM

Apr 29, 2026

Actively Exploited

Apr 29, 2026

Exploit Available

Apr 29, 2026

Patch Available

Apr 29, 2026

Updated: severity, activelyExploited

Apr 29, 2026

Updated: affectedVersions, exploitAvailable, tags

Apr 30, 2026

Updated: affectedVersions

Apr 30, 2026

Version History

v4

Last enriched 1h ago

v4Tier D1h ago

Updated affected versions and patch information, and changed severity from CRITICAL to HIGH.

affectedVersions

via SecurityWeek

v3Tier B3h ago

Updated affected versions with new ranges and marked exploit availability as true, while adding new tags for denial of service and security bypass.

affectedVersionsexploitAvailabletags

via CERT-FR

v2Tier C23h ago

Updated severity to CRITICAL, marked as actively exploited, and noted that no exploit is available.

severityactivelyExploited

via VulDB

v123h ago

Initial creation