SonicOS AMI Access Control Bypass (CVE-2026-0204)
CVE-2026-0204 Published on April 29, 2026
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
Weakness Types
CWE-1390
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2026-0204
Want to know whenever a new CVE is published for SonicWall Sonicos? stack.watch will email you.
Affected Versions
SonicWall SonicOS:- Version 6.5.5.1-6n and older versions is affected.
- Version 7.0.1-5169 and older versions is affected.
- Version 7.3.1-7013 and older versions is affected.
- Version 8.1.0-8017 and older versions is affected.
Exploit Probability
EPSS
0.01%
Percentile
0.22%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.