CVE-2026-4112 — SQL Injection in Sma1000

CWE-89 — SQL Injection3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 78.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sonicwall Sma1000

Timeline

PublishedApr 9

Description

Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator.

Affected Packages1 packages

▶CVEListV5sonicwall/sma100012.4.3-03245 (platform-hotfix) and earlier versions., 12.5.0-02283 (platform-hotfix) and earlier versions.+1

🔴Vulnerability Details

CVEList

CVE-2026-4112: Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authentica↗2026-04-09

▶

GHSA

GHSA-rh6r-h796-j349: Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authentica↗2026-04-09

▶