CVE-2026-0205
published 2026-04-29CVE-2026-0205: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
PriorityP433medium6.8CVSS 3.1
AVAACLPRNUIRSUCLILAH
EPSS
0.43%
34.2th percentile
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | < 6.5.5.2-28n | 6.5.5.2-28n |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | 7.0.0.0 – 7.0.1-5169 | — |
| sonicwall | sonicos | >= 7.1.1-7040 < 7.3.2-7010 | 7.3.2-7010 |
| sonicwall | sonicos | >= 8.0.0-8035 < 8.2.0-8009 | 8.2.0-8009 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7w3q-56fr-6g8c: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services
ghsa_unreviewed·2026-04-29
CVE-2026-0205 [MEDIUM] CWE-35 GHSA-7w3q-56fr-6g8c: A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
VulDB
SonicWall SonicOS path traversal (SNWLID-2026-0004)
vuldb·2026-04-29·CVSS 6.8
CVE-2026-0205 [MEDIUM] SonicWall SonicOS path traversal (SNWLID-2026-0004)
A vulnerability was found in SonicWall SonicOS. It has been classified as critical. Affected is an unknown function. Performing a manipulation results in path traversal: '.../...//'.
This vulnerability was named CVE-2026-0205. The attack needs to be approached within the local network. There is no available exploit.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published