SonicWall Security Vulnerabilities (CVEs)

Track 63 security vulnerabilities affecting SonicWall products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

26 Critical
30 High
7 Medium
CVE-2026-0401 4.9

A post-authentication NULL pointer dereference vulnerability in SonicOS firewalls allows authenticated remote attackers to cause a denial of service b...

Feb 24, 2026
CVE-2026-0399 4.9

This CVE describes post-authentication stack-based buffer overflow vulnerabilities in SonicOS management interfaces. Attackers with valid credentials ...

Feb 24, 2026
CVE-2025-40602 6.6

This CVE describes a local privilege escalation vulnerability in SonicWall SMA1000 appliances where insufficient authorization in the management conso...

Dec 18, 2025
CVE-2025-40601 7.5

A stack-based buffer overflow vulnerability in SonicOS SSLVPN service allows remote unauthenticated attackers to cause denial of service by crashing a...

Nov 20, 2025
CVE-2025-40604 9.8

This critical vulnerability in SonicWall Email Security appliances allows attackers with access to virtual machine disk files or datastores to modify ...

Nov 20, 2025
CVE-2025-40605 5.3

A path traversal vulnerability in SonicWall Email Security appliances allows attackers to bypass directory restrictions using sequences like '../' to ...

Nov 20, 2025
CVE-2025-40603 4.5

A vulnerability in SonicWall SMA100 Series appliances may expose partial user credential data in log files under certain conditions. This allows remot...

Oct 31, 2025
CVE-2025-40600 9.8

A format string vulnerability in SonicOS SSL VPN interface allows remote unauthenticated attackers to execute arbitrary code or cause denial of servic...

Jul 29, 2025
CVE-2025-40596 7.3

A stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attackers to cause denial of service or ...

Jul 23, 2025
CVE-2025-40598 6.1

A reflected cross-site scripting (XSS) vulnerability in the SMA100 series web interface allows remote unauthenticated attackers to inject and execute ...

Jul 23, 2025
CVE-2025-40599 9.1

An authenticated arbitrary file upload vulnerability in SMA 100 series web management interface allows attackers with administrative privileges to upl...

Jul 23, 2025
CVE-2025-32819 8.8

This vulnerability allows authenticated SSLVPN users on SMA100 devices to bypass path traversal protections and delete arbitrary files. Attackers coul...

May 7, 2025
CVE-2025-32821 7.2

A command injection vulnerability in SMA100 SSL-VPN appliances allows authenticated administrators to execute arbitrary shell commands by manipulating...

May 7, 2025
CVE-2025-2170 7.2

A Server-Side Request Forgery (SSRF) vulnerability in the SMA1000 Appliance Work Place interface allows remote unauthenticated attackers to make the a...

Apr 30, 2025
CVE-2025-23006 9.8

A critical pre-authentication deserialization vulnerability in SonicWall SMA1000 management consoles allows remote unauthenticated attackers to execut...

Jan 23, 2025
CVE-2024-53703 8.1

A stack-based buffer overflow vulnerability in SonicWall SMA100 SSLVPN firmware's mod_httprp library allows remote attackers to potentially execute ar...

Dec 5, 2024
CVE-2024-45318 8.1

A stack-based buffer overflow vulnerability in SonicWall SMA100 SSLVPN web management interface allows remote attackers to execute arbitrary code on a...

Dec 5, 2024
CVE-2024-53702 5.3

This vulnerability in SonicWall SMA100 SSLVPN devices uses a weak random number generator for backup codes, allowing attackers to potentially predict ...

Dec 5, 2024
CVE-2024-40766 9.8

An improper access control vulnerability in SonicWall SonicOS management interface allows attackers to bypass authentication and access restricted res...

Aug 23, 2024
CVE-2024-29014 8.8

This vulnerability in SonicWall SMA100 NetExtender Windows client allows an attacker to execute arbitrary code when processing an EPC Client update. I...

Jul 18, 2024
CVE-2024-3596 9.0

CVE-2024-3596 allows a local attacker to forge RADIUS protocol responses by exploiting MD5 collisions, enabling them to modify authentication outcomes...

Jul 9, 2024
CVE-2024-29012 7.5

A stack-based buffer overflow vulnerability in SonicOS HTTP server allows authenticated remote attackers to cause Denial of Service (DoS) by exploitin...

Jun 20, 2024
CVE-2024-22394 9.8

An improper authentication vulnerability in SonicWall SonicOS SSL-VPN allows remote attackers to bypass authentication under specific conditions. This...

Feb 8, 2024
CVE-2023-5970 8.8

This vulnerability allows a remote authenticated attacker to bypass multi-factor authentication (MFA) on SonicWall SMA100 SSL-VPN virtual office porta...

Dec 5, 2023
CVE-2023-44220 7.3

This CVE describes a DLL search order hijacking vulnerability in SonicWall NetExtender Windows client versions 10.2.336 and earlier. A local attacker ...

Oct 27, 2023
CVE-2023-41713 7.5

CVE-2023-41713 is a hard-coded password vulnerability in SonicWall SonicOS affecting the 'dynHandleBuyToolbar' demo function. This allows attackers to...

Oct 17, 2023
CVE-2023-44218 8.8

This vulnerability allows an unauthorized user to exploit SonicWall NetExtender's Pre-Logon feature to gain SYSTEM-level privileges on Windows hosts, ...

Oct 3, 2023
CVE-2023-34132 9.8

This vulnerability in SonicWall GMS and Analytics allows attackers to use password hashes instead of actual passwords for authentication, enabling Pas...

Jul 13, 2023
CVE-2023-34136 9.8

CVE-2023-34136 is a critical vulnerability in SonicWall GMS and Analytics that allows unauthenticated attackers to upload arbitrary files to restricte...

Jul 13, 2023
CVE-2023-34129 8.8

This path traversal vulnerability in SonicWall GMS and Analytics allows authenticated attackers to extract arbitrary files from the underlying filesys...

Jul 13, 2023
CVE-2023-34130 9.8

SonicWall GMS and Analytics use an outdated, weak encryption algorithm (TEA) with a hardcoded key to protect sensitive data. This allows attackers to ...

Jul 13, 2023
CVE-2023-34124 9.8

CVE-2023-34124 is an authentication bypass vulnerability in SonicWall GMS and Analytics Web Services that allows attackers to gain unauthorized access...

Jul 13, 2023
CVE-2023-34126 8.8

This vulnerability allows authenticated attackers to upload arbitrary files with root privileges on SonicWall GMS and Analytics systems. Attackers cou...

Jul 13, 2023
CVE-2023-34128 9.8

This vulnerability involves hardcoded Tomcat application credentials in SonicWall GMS and Analytics configuration files. Attackers who can access thes...

Jul 13, 2023
CVE-2023-34123 7.5

This CVE describes a hard-coded cryptographic key vulnerability in SonicWall GMS and Analytics products. Attackers who discover the embedded key could...

Jul 13, 2023
CVE-2023-0656 7.5

A stack-based buffer overflow vulnerability in SonicOS allows remote unauthenticated attackers to trigger a denial of service by crashing affected fir...

Mar 2, 2023
CVE-2022-22280 9.8

This is an unauthenticated SQL injection vulnerability in SonicWall GMS and Analytics On-Prem products. Attackers can execute arbitrary SQL commands w...

Jul 29, 2022
CVE-2022-22282 9.8

CVE-2022-22282 is an improper access control vulnerability in SonicWall SMA1000 series firmware that allows unauthorized actors to access restricted r...

May 13, 2022
CVE-2022-1701 7.5

SonicWall SMA1000 series appliances use a shared hard-coded encryption key to store sensitive data, allowing attackers who gain access to encrypted da...

May 13, 2022
CVE-2021-20051 7.8

CVE-2021-20051 is a DLL search order hijacking vulnerability in SonicWall Global VPN Client installer versions 4.10.7.1117 and earlier. A local attack...

May 4, 2022
CVE-2022-22275 7.5

This vulnerability in SonicWall firewalls allows attackers to bypass security policies by sending TCP traffic through HTTP/S channels from WAN to DMZ ...

Apr 27, 2022
CVE-2022-22278 7.5

This vulnerability in SonicWall SonicOS CFS allows attackers to cause HTTP Denial of Service (DoS) by triggering large 403 forbidden responses when ac...

Apr 27, 2022
CVE-2022-22274 9.8

CVE-2022-22274 is a critical stack-based buffer overflow vulnerability in SonicOS firewalls that allows remote unauthenticated attackers to trigger de...

Mar 25, 2022
CVE-2022-22273 9.8

This CVE allows attackers to execute arbitrary operating system commands on vulnerable SonicWall Secure Remote Access (SRA) and Secure Mobile Access (...

Mar 17, 2022
CVE-2022-0847 7.8

CVE-2022-0847 (Dirty Pipe) is a Linux kernel vulnerability that allows unprivileged local users to write to read-only files in the page cache, enablin...

Mar 10, 2022
CVE-2021-20046 8.8

A stack-based buffer overflow vulnerability in SonicOS firewalls allows remote authenticated attackers to cause denial of service and potentially exec...

Jan 10, 2022
CVE-2021-20049 7.5

CVE-2021-20049 is a username enumeration vulnerability in SonicWall SMA100's password change API that allows unauthenticated attackers to determine va...

Dec 23, 2021
CVE-2021-45046 9.0

CVE-2021-45046 is an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 that allows attackers to execute arbitrary...

Dec 14, 2021
CVE-2021-44228 10.0

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by explo...

Dec 10, 2021
CVE-2021-20042 9.8

CVE-2021-20042 allows unauthenticated remote attackers to use SonicWall SMA 100 series appliances as unintended proxies to bypass firewall rules. This...

Dec 8, 2021

Why Monitor SonicWall Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 63+ known vulnerabilities affecting SonicWall products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable SonicWall packages in under 60 seconds. No agents required: completely agentless scanning that works across SonicWall deployments.

Free vulnerability database: Access detailed information about every SonicWall CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
