SonicWall Vulnerabilities Allow SQL Injection & Privilege Escalation

A critical security advisory from SonicWall details four vulnerabilities impacting its Secure Mobile Access (SMA) 1000 series appliances.

These security flaws could allow remote attackers to escalate privileges, bypass multi-factor authentication, and enumerate user credentials.

The most severe vulnerability carries a CVSS v3 score of 7.2, making immediate patching a high priority for enterprise network administrators.

Because SMA appliances serve as secure access gateways for remote workers, compromising these devices can grant attackers significant access to internal corporate networks.

Fortunately, SonicWall reports that there is currently no evidence of these vulnerabilities being exploited in the wild.

The company also clarified that these specific flaws do not impact the SSL-VPN features running on standard SonicWall firewalls.

Multiple SonicWall Vulnerabilities

The advisory outlines four distinct Common Vulnerabilities and Exposures (CVEs) impacting the SMA1000 series, discovered by security researchers Anthony Cihan, Danti Gionatan, and Philip Boldt.

• CVE-2026-4112 (CVSS 7.2): An improper neutralization flaw allows a remote authenticated attacker with read-only access to execute SQL injection attacks, escalating their privileges to full primary administrator control.
• CVE-2026-4113 (CVSS 5.3): An observable response discrepancy vulnerability allows an unauthenticated remote attacker to enumerate SSL VPN user credentials successfully.
• CVE-2026-4114 (CVSS 6.6): Improper handling of Unicode encoding allows a remote authenticated SSL VPN administrator to bypass AMC time-based one-time password (TOTP) authentication completely.
• CVE-2026-4116 (CVSS 6.0): A related Unicode handling issue allows a remote authenticated SSL VPN user to bypass Workplace or Connect Tunnel TOTP authentication mechanisms.

Since there are no available workarounds or mitigations for these vulnerabilities, administrators must apply the provided platform hotfixes to secure their networks.

Leaving these appliances unpatched exposes organizations to severe risks, particularly regarding the TOTP bypass vulnerabilities that neutralize key multi-factor authentication defenses.

Users can download the latest platform hotfixes directly from the MySonicWall portal.

• SMA1000 appliances running version 12.4.3-03245 or earlier must be upgraded to the fixed version 12.4.3-03387 or higher.
• SMA1000 appliances running version 12.5.0-02283 or earlier must be upgraded to the fixed version 12.5.0-02624 or higher.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.