CVE-2026-4112 - Vulnerability Analysis
N/a
Last Updated: April 9, 2026
SonicWall SMA1000 - Authentication Bypass
Published: April 9, 2026
Updated: April 9, 2026
PoC Available
Overview
SonicWall SMA1000 series appliances contain an SQL injection vulnerability caused by improper neutralization of special elements in SQL commands. It lets remote authenticated attackers with read-only admin privileges escalate to primary administrator. Exploitation requires read-only admin access.
Severity & Score
Severity: N/a
Impact
Remote authenticated attackers with read-only admin privileges can escalate to primary administrator, gaining full control.
Mitigation
Update to the latest version.
Details
- CVE ID: CVE-2026-4112
- Severity: N/a
- Type: sql_injection
- Status: new
- CWE: CWE-89
CVSS Metrics
N/A