CVE-2026-4116PATCHED

sonicwall · sma1000

CVE-2026-4116: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user t

Description

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

Affected Products

Vendor	Product	Versions
sonicwall	sma1000	12.4.3-03245 (platform-hotfix) and earlier versions., 12.5.0-02283 (platform-hotfix) and earlier versions.

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003(vendor-advisory)

Related News (1 articles)

Tier C

VulDB21d ago

CVE-2026-4116 | SonicWall SMA1000 Tunnel TOTP Authentication unicode encoding (SNWLID-2026-0003)

→ No new info (linked only)

CVSS 3.17.2 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003

CWECWE-176

PublishedApr 9, 2026

Last enriched21d agov2

Trending Score3

Source articles1

Independent1

Info Completeness8/14

Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-0204EXP

CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be access

Trending: 76

CRITICALCVE-2026-0206EXP

CVE-2026-0206: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewal

Trending: 71

CRITICALCVE-2026-0205EXP

CVE-2026-0205: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted ser

Trending: 68

HIGHCVE-2026-4113EXP

CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to

Trending: 2

NONECVE-2026-4114EXP

CVE-2026-4114: Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin

Trending: 2

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 9, 2026

Discovered by ZDM

Apr 9, 2026

Updated: severity

Apr 9, 2026

Patch Available

Apr 13, 2026

Version History

Last enriched 21d ago

v2Tier C21d ago

Updated severity to CRITICAL and corrected exploit availability to false.

severity

via VulDB

v121d ago

Initial creation