PT-2026-31394 · Sonicwall · Sma1000 Series

Published

2026-04-08

Updated

2026-05-17

CVE-2026-4112

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances

Description An SQL injection flaw exists in SonicWall SMA1000 series appliances. A remote authenticated attacker with read-only administrator privileges can escalate privileges to primary administrator. The issue is due to improper neutralization of special elements used in an SQL command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2026-06577

CVE-2026-4112

Affected Products

Sma1000 Series

PT-2026-31394 · Sonicwall · Sma1000 Series

CVE-2026-4112

Weakness Enumeration

Related Identifiers

Affected Products

References · 13