CVE-2026-4113
published 2026-04-09
CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
Priority: P3 · 47 · high · 7.2 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% (28.2th percentile)
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openexr | openexr | >= 3.3.0 < 3.3.7 | 3.3.7 |
| openexr | openexr | >= 3.4.0 < 3.4.5 | 3.4.5 |
| sonicwall | sma | — | — |
| sonicwall | sma1000 | — | — |
| sonicwall | sma1000 | — | — |
| sonicwall | sma6200_firmware | < 12.4.3-03387 | 12.4.3-03387 |
| sonicwall | sma6200_firmware | >= 12.5.0 < 12.5.0-02624 | 12.5.0-02624 |
| sonicwall | sma6210_firmware | < 12.4.3-03387 | 12.4.3-03387 |
| sonicwall | sma6210_firmware | >= 12.5.0 < 12.5.0-02624 | 12.5.0-02624 |
| sonicwall | sma7200_firmware | < 12.4.3-03387 | 12.4.3-03387 |
| sonicwall | sma7200_firmware | >= 12.5.0 < 12.5.0-02624 | 12.5.0-02624 |
| sonicwall | sma7210_firmware | < 12.4.3-03387 | 12.4.3-03387 |
| sonicwall | sma7210_firmware | >= 12.5.0 < 12.5.0-02624 | 12.5.0-02624 |
| sonicwall | sma8200v | < 12.4.3-03387 | 12.4.3-03387 |
| sonicwall | sma8200v | >= 12.5.0 < 12.5.0-02624 | 12.5.0-02624 |
VulDB
SonicWall SMA1000 SSL VPN response discrepancy (SNWLID-2026-0003 / EUVD-2026-20904)
vuldb·2026-04-09·CVSS 7.2
CVE-2026-4113 [HIGH] SonicWall SMA1000 SSL VPN response discrepancy (SNWLID-2026-0003 / EUVD-2026-20904)
A vulnerability was found in SonicWall SMA1000. It has been classified as problematic. This impacts an unknown function of the component SSL VPN. The manipulation leads to observable response discrepancy.
This vulnerability is referenced as CVE-2026-4113. Remote exploitation of the attack is possible. No exploit is available.
GHSA
GHSA-fvcv-8g7r-6893: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credent
ghsa_unreviewed·2026-04-09
CVE-2026-4113 CWE-204 GHSA-fvcv-8g7r-6893: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credent
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
GHSA
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
ghsa·2026-04-06
CVE-2026-26981 [MEDIUM] CWE-195 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
## Summary
A heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read` function in `ImfContextInit.cpp` when parsing a malformed EXR file through a memory-mapped `IStream`. A signed integer subtraction produces a negative value that is implicitly converted to `size_t`, resulting in a massive length being passed to `memcpy`.
## Affected Version
- OpenEXR **main branch** (commit at time of testing)
- `src/lib/OpenEXR/ImfContextInit.cpp`, lines 121–136
## Root Cause
`ImfContextInit.cpp:121-126`:
```cpp
int64_t stream_sz = s->size ();          // e.g., 21 (actual file size)
int64_t nend      = nread + (int64_t)sz; // e.g., 17 + 4096 = 4113
if (stream_sz > 0 && nend > stream_sz)
{
    sz = stream_sz - nend;               // e.g., 21 - 4113 = -4092, converted to size_t
```
SonicWall
CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credent
vendor_sonicwall·2026-04-09·CVSS 7.2
CVE-2026-4113 [HIGH] CWE-204 CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credent
CVE-2026-4113: An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-09
Published