SonicWall Releases Security Updates for SonicOS

CVE-2026-0204 could allow an unauthenticated attacker to access certain management interface functions

Threat ID:: CC-4775
Threat Severity:: Medium
Published:: 30 April 2026 1:15 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

CVE-2026-0204 could allow an unauthenticated attacker to access certain management interface functions

Affected platforms

The following platforms are known to be affected:

SonicWall SonicOS

all prior to 6.5.5.2-28n
all prior to 7.3.2-7010
all prior to 8.2.0-8009

Threat details

Introduction

SonicWall has released a security update addressing three vulnerabilities affecting SonicOS. Successful exploitation could allow an unauthenticated attacker to bypass authentication and access certain management interface functions or restricted services.

CVE-2026-0204 - 'Improper Access Control' vulnerability - CVSS v3.1 Base Score: 8.0
CVE-2026-0205 - 'Post-Authentication Path Traversal' vulnerability - CVSS v3.1 Base Score: 6.8
CVE-2026-0205 - 'Post-Authentication Stack-based Buffer Overflow' vulnerability - CVSS v3.1 Base Score: 4.9

Remediation advice

Affected organisations are encouraged to review SonicWall Security Advisory SNWLID-2026-0004 and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0004

CVE Vulnerabilities

Status Published

CVE-2026-0204

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

Status Published

CVE-2026-0205

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

Status Published

CVE-2026-0206

A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.

Last edited: 30 April 2026 1:15 pm