SonicWall Firewalls Vulnerable to Pre-Auth RCE
SonicWall discloses a critical pre-authentication RCE vulnerability affecting SMA and SonicOS products.
Executive Summary
CVE-2026-1287 (CVSS 9.8) affects SMA 100/1000 series and SonicOS firewalls. A heap-based buffer overflow in the SSL VPN portal allows unauthenticated remote code execution (RCE) with root privileges.
Technical Analysis
The vulnerability is in the handling of HTTP headers during authentication. There is no active exploitation yet, but the available technical details enable rapid weaponization.
Remediation
Patch SMA and SonicOS devices immediately. If you are unable to patch, disable SSL VPN or restrict access to it to known IP ranges. Audit devices for unauthorized admin accounts.
References
- SonicWall PSIRT: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003