CVE-2026-0204
published 2026-04-29CVE-2026-0204: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
PriorityP344high8CVSS 3.1
AVAACLPRNUIRSUCHIHAH
EPSS
0.42%
33.4th percentile
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | < 6.5.5.2-28n | 6.5.5.2-28n |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | 7.0.0.0 – 7.0.1-5169 | — |
| sonicwall | sonicos | >= 7.1.1-7040 < 7.3.2-7010 | 7.3.2-7010 |
| sonicwall | sonicos | >= 8.0.0-8035 < 8.2.0-8009 | 8.2.0-8009 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c5fx-h6fr-53h9: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions
ghsa_unreviewed·2026-04-29
CVE-2026-0204 [HIGH] CWE-306 GHSA-c5fx-h6fr-53h9: A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
VulDB
SonicWall SonicOS Management Interface weak authentication (SNWLID-2026-0004)
vuldb·2026-04-29·CVSS 8.0
CVE-2026-0204 [HIGH] SonicWall SonicOS Management Interface weak authentication (SNWLID-2026-0004)
A vulnerability was found in SonicWall SonicOS and classified as problematic. This impacts an unknown function of the component Management Interface. Such manipulation leads to weak authentication.
This vulnerability is uniquely identified as CVE-2026-0204. The attack can only be initiated within the local network. No exploit exists.
No detection rules found.
No public exploits indexed.
2026-04-29
Published