SonicWall SMA1000 Auth Bypass via Unicode in SSLVPN TOTP
CVE-2026-4114 Published on April 9, 2026
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication.
Weakness Type
Improper Handling of Unicode Encoding
The software does not properly handle when an input contains Unicode encoding.
Affected Versions
SonicWall SMA1000:
- Version 12.4.3-03245 (platform-hotfix) and earlier versions are affected.
- Version 12.5.0-02283 (platform-hotfix) and earlier versions are affected.
Exploit Probability
EPSS: 0.03%
Percentile: 9.45%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.