HIGH🇵🇱 Wersja polska

CVE-2026-4116

CVSS 7.2v3.1pub. 2026-04-09upd. 2026-05-14

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Sonicwall Sma6200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6200 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma6210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma6210 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma7200

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7200 Firmware

    OS
    Sonicwall
    12.5.0 – 12.5.0-02624 (bez)< 12.4.3-03387
  • Sonicwall Sma7210

    HW
    Sonicwall
    wszystkie wersje
  • Sonicwall Sma7210 Firmware

    OS
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
  • Sonicwall Sma8200v

    APP
    Sonicwall
    < 12.4.3-0338712.5.0 – 12.5.0-02624 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
VPN
CWE
References

Related vulnerabilities

CVE-2025-23006CRITICAL9.8⚠ KEVPL ✓ten sam produkt

SonicWall SMA1000 — pre-auth deserialization umożliwiający RCE

CVE-2026-4112HIGH7.2ten sam produkt

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 seri...

CVE-2026-4113HIGH7.2ten sam produkt

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote at...

CVE-2025-40602MEDIUM6.6⚠ KEVten sam produkt

A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 applianc...

CVE-2026-4114MEDIUM6.6ten sam produkt

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSL...