cbcvebase.
CVE-2026-3468
published 2026-03-31

CVE-2026-3468: A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied…

PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.23%
13.1th percentile
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowing a remote authenticated attacker as admin user to potentially execute arbitrary JavaScript code.

Affected

4 ranges
VendorProductVersion rangeFixed in
sonicwallemail_security< 10.0.35.840510.0.35.8405
sonicwallemail_security
sonicwallemail_security
sonicwallemail_security
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.