SonicWall Firewall and Security firm
Known Exploited SonicWall Vulnerabilities
The following SonicWall vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | CVE | Exploit Probability | Added |
|---|---|---|---|---|
| SonicWall SMA1000 Missing Authorization Vulnerability | SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devices. | CVE-2025-40602 | 0.3% | December 17, 2025 |
| SonicWall SMA100 Appliances OS Command Injection Vulnerability | SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. | CVE-2023-44221 | 21.7% | May 1, 2025 |
| SonicWall SMA100 Appliances OS Command Injection Vulnerability | SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. | CVE-2021-20035 | 4.0% | April 16, 2025 |
| SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. | CVE-2024-53704 | 93.9% | February 18, 2025 |
| SonicWall SMA1000 Appliances Deserialization Vulnerability | SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. | CVE-2025-23006 | 63.4% | January 24, 2025 |
| SonicWall SonicOS Improper Access Control Vulnerability | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. | CVE-2024-40766 | 3.4% | September 9, 2024 |
| SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. | CVE-2021-20028 | 81.8% | March 28, 2022 |
| SonicWall SMA100 Directory Traversal Vulnerability | In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | CVE-2019-7483 | 42.4% | March 28, 2022 |
| SonicWall SonicOS Buffer Overflow Vulnerability | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. | CVE-2020-5135 | 25.0% | March 15, 2022 |
| SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. | CVE-2021-20038 | 94.3% | January 28, 2022 |
| SonicWall Email Security Privilege Escalation Exploit Chain | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | CVE-2021-20021 | 91.7% | November 3, 2021 |
| SonicWall SMA100 9.0.0.3 and Earlier SQL Injection | A vulnerability in SonicWall SMA100 versions 9.0.0.3 and earlier allows an unauthenticated user to gain read-only access to unauthorized resources. | CVE-2019-7481 | 94.4% | November 3, 2021 |
| SonicWall Email Security Privilege Escalation Exploit Chain | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. | CVE-2021-20022 | 20.0% | November 3, 2021 |
| SonicWall Email Security Privilege Escalation Exploit Chain | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. | CVE-2021-20023 | 48.6% | November 3, 2021 |
| SonicWall SSL VPN SMA100 SQL Injection Vulnerability | Allows a remote unauthenticated attacker to perform a SQL query to access username, password and other session-related information in SMA100 build version 10.x. | CVE-2021-20016 | 78.0% | November 3, 2021 |
Of the known exploited vulnerabilities above, 5 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 7 known exploited SonicWall vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 5 vulnerabilities in SonicWall with an average score of 4.9 out of ten. Last year, in 2025, SonicWall had 19 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in SonicWall in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 2.24.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 4.90 |
| 2025 | 19 | 7.14 |
| 2024 | 11 | 7.93 |
| 2023 | 32 | 7.69 |
| 2022 | 7 | 8.15 |
| 2021 | 34 | 7.79 |
| 2020 | 15 | 7.01 |
| 2019 | 21 | 8.07 |
| 2018 | 3 | 6.90 |
It may take a day or so for new SonicWall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent SonicWall Security Vulnerabilities
| CVE | Date | Title | Description |
|---|---|---|---|
| CVE-2026-3439 | Mar 04, 2026 | SonicOS Stack-Based Buffer Overflow in Cert Handling Enables Crash | A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. |
| CVE-2026-0402 | Feb 24, 2026 | SonicOS Post-Auth OOB Read Crash Vulnerability | A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0401 | Feb 24, 2026 | NULL Pointer Deref in SonicOS Firewall PostAuth Crash Vulnerability | A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0400 | Feb 24, 2026 | SonicOS Post-Auth Format String Crash CVE-2026-0400 | A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall. |
| CVE-2026-0399 | Feb 24, 2026 | SonicOS API stack buffer overflow (post-auth) | Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in an API endpoint. |
| CVE-2025-40602 | Dec 18, 2025 | SonicWall SMA1000 AMC LPE via Insufficient Auth | A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). |
| CVE-2025-40601 | Nov 20, 2025 | SonicOS SSLVPN Buffer Overflow Remote Unauth DoS | A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. |
| CVE-2025-40605 | Nov 20, 2025 | Email Sec Appliance Path Traversal Unauthorized File Access | A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. |
| CVE-2025-40604 | Nov 20, 2025 | SonicWall Email Security Appliance: Root FS Image Integrity Check Bypass | Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. |
| CVE-2025-40603 | Oct 31, 2025 | SonicWall SMA100 Remote Auth Admin Log Info Leak (CVE-2025-40603) | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances may allow a remote, authenticated administrator, under certain conditions, to view partial user credential data. |
| CVE-2025-40600 | Jul 29, 2025 | SonicOS SSL VPN Format String Causing DoS | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. |
| CVE-2025-32821 | May 07, 2025 | SMA100 SSLVPN Command Injection: File Upload by Authenticated Attacker | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN admin privileges to inject shell command arguments to upload a file on the appliance. |
| CVE-2025-32819 | May 07, 2025 | SMA100 SSLVPN Auth Path Traversal File Deletion (CVE-2025-32819) | A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
| CVE-2025-2170 | Apr 30, 2025 | SSRF in SMA1000 WorkPlace Interface Allows Remote UnAuth Requests | A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface, which in specific conditions could potentially enable a remote unauthenticated attacker to cause the appliance to make requests to an unintended location. |
| CVE-2025-32818 | Apr 23, 2025 | SonicOS SSLVPN Virtual Office NPE in SSLVPN Interface allows Remote DoS | A Null Pointer Dereference vulnerability in the SonicOS SSLVPN Virtual office interface allows a remote, unauthenticated attacker to crash the firewall, potentially leading to a Denial-of-Service (DoS) condition. |
| CVE-2025-23009 | Apr 10, 2025 | CVE-2025-23009: LPE in SonicWall NetExtender (32/64-bit) -> File Delete | A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. |
| CVE-2025-23010 | Apr 10, 2025 | Link Following in SonicWall NetExtender Windows Client | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to manipulate file paths. |
| CVE-2025-23006 | Jan 23, 2025 | Remote OS Command Exec via Pre-auth Deserialization in SMA1000 AMC/CMC | Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), which in specific conditions could potentially enable a remote unauthenticated attacker to execute arbitrary OS commands. |
| CVE-2024-12803 | Jan 09, 2025 | SonicOS CLI Buffer Overflow Enables Remote Crash | A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. |
| CVE-2024-12805 | Jan 09, 2025 | SonicOS Post-Auth Format String Vulnerability Enables Crash & RCE | A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. |
| CVE-2024-12806 | Jan 09, 2025 | SonicOS Admin Absolute Path Traversal Enables Post-Auth File Read | A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. |
| CVE-2024-40765 | Jan 09, 2025 | Integer Overflow in SonicOS IPSec (IKEv2) Remote DoS/Exec | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. |
| CVE-2024-53704 | Jan 09, 2025 | Improper Auth in SSLVPN auth bypass vulnerability | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. |
| CVE-2024-53705 | Jan 09, 2025 | SSRF in SonicOS SSH Mgmt Enables Remote TCP Connections | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. |
| CVE-2024-40766 | Aug 23, 2024 | SonicWall SonicOS 7.0.1-5035 MM Access Control Vulnerability | An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions. |
| CVE-2024-29014 | Jul 18, 2024 | Arbitrary Code Exec in SonicWall SMA100 NetExtender <10.2.339 Windows Client | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to execute arbitrary code when processing an EPC Client update. |
| CVE-2024-40764 | Jul 18, 2024 | SonicOS IPSec VPN Heap Overflow DoS | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). |
| CVE-2024-3596 | Jul 09, 2024 | RADIUS MD5 Response Authenticator Forgery via Chosen-Prefix Collision | RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. |
| CVE-2024-29013 | Jun 20, 2024 | Heap Buffer Overflow in SonicOS SSLVPN memcpy Causing DoS | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. |
| CVE-2024-29012 | Jun 20, 2024 | SonicOS HTTP Server Stack Overflow Causing DoS (CVE-2024-29012) | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. |
| CVE-2024-29011 | May 01, 2024 | GMS ECM before 9.3.4 hard-coded password auth bypass | Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. |
| CVE-2024-22396 | Mar 14, 2024 | SonicOS IPSec IKEv2 Int Buffer Overflow | An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. |
| CVE-2024-22397 | Mar 14, 2024 | SonicOS SSLVPN Portal XSS for Authenticated Admin Users | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code. |
| CVE-2024-22394 | Feb 08, 2024 | Improper Auth Bypass in SonicWall SonicOS 7.1.1-7040 SSL-VPN | An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040. |
| CVE-2023-6340 | Jan 18, 2024 | SonicWall Capture Client 3.7.10 & NetExtender <=10.2.337 DoS via sfpmonitor.sys Buffer Overflow | SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability. |
| CVE-2023-44221 | Dec 05, 2023 | OS Command Injection via SMA100 SSL-VPN Management | Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability. |
| CVE-2023-44220 | Oct 27, 2023 | DLL Search Order Hijack in SonicWall NetExtender <10.2.336 | SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. |
| CVE-2023-41715 | Oct 17, 2023 | SonicOS SSLVPN Tunnel PostAuth Privilege Escalation | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. |
| CVE-2023-39276 | Oct 17, 2023 | SonicWall SonicOS buffer overflow in getBookmarkList.json | SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. |
| CVE-2023-39277 | Oct 17, 2023 | SonicOS Buffer Overflow in sonicflow.csv causes firewall crash | SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. |
| CVE-2023-39278 | Oct 17, 2023 | SonicOS main.cgi Stack-Based Buffer Overflow via Post-Auth Assertion Failure | SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi, which leads to a firewall crash. |
| CVE-2023-39279 | Oct 17, 2023 | SonicOS getPacketReplayData.JSON SB-Buffer Overflow Crashes Firewall | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. |
| CVE-2023-41711 | Oct 17, 2023 | SonicOS sonicwall.exp/Prefs.exp PostAuth Stack Overflow (CVE-2023-41711) | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints leads to a firewall crash. |
| CVE-2023-41712 | Oct 17, 2023 | SonicOS SSL VPN Buffer Overflow CVE-2023-41712 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. |
| CVE-2023-41713 | Oct 17, 2023 | SonicOS Hard-coded Password in dynHandleBuyToolbar Demo | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. |
| CVE-2023-39280 | Oct 17, 2023 | SonicOS POST Auth Stack Buffer Overflow in ssoStats-s.xml/wri | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. |
| CVE-2023-44218 | Oct 03, 2023 | SonicWall NetExtender LPE via Pre-Logon on Windows | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. |
| CVE-2023-44217 | Oct 03, 2023 | SonicWall Net Extender MSI LPE 10.2.336 via Repair | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. |
| CVE-2023-34137 | Jul 13, 2023 | SonicWall GMS 9.3.2-SP1 & Analytics 2.5.0.4-R7 pre-auth bypass via static cred | SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |
| CVE-2023-34136 | Jul 13, 2023 | SonicWall GMS/Analytics Unauth Upload to Restricted Dir Before 9.3.2-SP1 | Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. |