CVE-2026-0206
published 2026-04-29CVE-2026-0206: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
PriorityP433medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
EPSS
0.50%
39.3th percentile
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sonicwall | sonicos | < 6.5.5.2-28n | 6.5.5.2-28n |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | — | — |
| sonicwall | sonicos | 7.0.0.0 – 7.0.1-5169 | — |
| sonicwall | sonicos | >= 7.1.1-7040 < 7.3.2-7010 | 7.3.2-7010 |
| sonicwall | sonicos | >= 8.0.0-8035 < 8.2.0-8009 | 8.2.0-8009 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m2qr-65hg-q8ff: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall
ghsa_unreviewed·2026-04-29
CVE-2026-0206 [MEDIUM] CWE-121 GHSA-m2qr-65hg-q8ff: A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
VulDB
SonicWall SonicOS stack-based overflow (SNWLID-2026-0004)
vuldb·2026-04-29·CVSS 4.9
CVE-2026-0206 [MEDIUM] SonicWall SonicOS stack-based overflow (SNWLID-2026-0004)
A vulnerability has been found in SonicWall SonicOS and classified as critical. This affects an unknown function. This manipulation causes stack-based buffer overflow.
This vulnerability is handled as CVE-2026-0206. The attack can be initiated remotely. There is not any exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published