Post-Auth Path Traversal in SonicOS
CVE-2026-0205 Published on April 29, 2026

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

Vendor Advisory NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

HIGH

Weakness Type

Path Traversal: '.../...//'

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Products Associated with CVE-2026-0205

Want to know whenever a new CVE is published for SonicWall Sonicos? stack.watch will email you.

SonicWall Sonicos

Affected Versions

SonicWall SonicOS:

Version 6.5.5.1-6n and older versions is affected.
Version 7.0.1-5169 and older versions is affected.
Version 7.3.1-7013 and older versions is affected.
Version 8.1.0-8017 and older versions is affected.

Exploit Probability

EPSS

0.01%

Percentile

1.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.