Signal

Two zero-day vulnerabilities exploited in SonicWall SMA1000 appliances

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-15 05:19 UTCUpdated 2026-07-15 18:51 UTC
rss
cveexploitssecurity_advisoriesincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Rapid7 blog on SonicWall SMA1000 zero-days
rapid7.com · rapid7.com · 2026-07-15 16:19 UTC
Overview

SonicWall has disclosed two critical zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA1000 series remote access appliances.

Entities
SonicWallRapid7SMA1000Seth Lazarus
Score total
1.75
Momentum 24h
5
Posts
5
Origins
5
Source types
1
Duplicate ratio
0%
Why now
  • SonicWall publicly disclosed the vulnerabilities on July 14, 2026, following active exploitation.
  • Rapid7 detected exploitation starting June 22, 2026, indicating ongoing threat activity.
  • National cybersecurity agencies have issued urgent advisories recommending immediate action.
Why it matters
  • SonicWall SMA1000 appliances are critical remote access infrastructure widely used in enterprises.
  • Active exploitation of zero-days poses immediate risk of unauthorized access and ransomware attacks.
  • Prompt patching is essential to mitigate ongoing attacks and prevent potential system compromise.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • Two zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 affect SonicWall SMA1000 appliances and are actively exploited.
  • The vulnerabilities enable unauthenticated SSRF and local privilege escalation to root, facilitating remote code execution.
  • Exploitation observed since June 22, 2026, with likely ransomware motives but no confirmed data exfiltration or encryption.
How sources frame it
  • Rapid7 MDR Team: neutral
All evidence
All evidence
Rapid7 blog on SonicWall SMA1000 zero-days
rapid7.com · rapid7.com · 2026-07-15 16:19 UTC
SonicWall customers under threat as attackers exploit 2 zero-days
CyberScoop · cyberscoop.com · 2026-07-15 18:51 UTC
NCSC-2026-0239 [1.00] [H/H] Zero-Day kwetsbaarheden verholpen in SonicWall SMA1000
NCSC NL Security Advisories · advisories.ncsc.nl · 2026-07-15 09:56 UTC
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands
thehackernews · thehackernews.com · 2026-07-15 05:30 UTC
SonicWall Issues Urgent SMA Patch Warning for Two Zero-Day Exploits
SecurityWeek · securityweek.com · 2026-07-15 05:19 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
  • rapid7.com (1)
  • CyberScoop (1)
  • NCSC NL Security Advisories (1)
  • thehackernews (1)
  • SecurityWeek (1)
Top origin domains (this list)
  • rapid7.com (1)
  • cyberscoop.com (1)
  • advisories.ncsc.nl (1)
  • thehackernews.com (1)
  • securityweek.com (1)